CVE-2023-43119

CRITICAL

Extreme Networks Switch Engine <32.5.1.5 - Privilege Escalation

Title source: llm

Description

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

References (1)

Core 1

Core References

Vendor Advisory

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378

Scores

CVSS v3 9.8

EPSS 0.0061

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-284 CWE-863

Status published

Products (1)

extremenetworks/exos < 22.7

Published Oct 16, 2023

Tracked Since Feb 18, 2026