CVE-2023-43118

HIGH

Extreme Networks EXOS 31.7.0-31.7.1 - Cross-Site Request Forgery via /jsonrpc API

Title source: llm
STIX 2.1

Description

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0028
EPSS Percentile 19.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-352
Status published
Products (1)
extremenetworks/exos 31.7.0 - 31.7.2
Published Oct 16, 2023
Tracked Since Feb 18, 2026