CVE-2023-43119 - Vulnerability Details - OpenCVE

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Extremenetworks	Exos

Configuration 1 [-]

OR	cpe:2.3:o:extremenetworks:exos::::::::
	cpe:2.3:o:extremenetworks:exos::::::::
	cpe:2.3:o:extremenetworks:exos::::::::

No data.

References

Link	Providers
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 17 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-16T00:00:00

Updated: 2024-09-17T16:19:08.923Z

Reserved: 2023-09-18T00:00:00

Link: CVE-2023-43119

Vulnrichment

Updated: 2024-08-02T19:37:23.023Z

NVD

Status : Modified

Published: 2023-10-16T20:15:15.160

Modified: 2024-11-21T08:23:43.593

Link: CVE-2023-43119

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24D6059-8005-487C-824A-DA558414E521", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*", "matchCriteriaId": "51484ECC-3B51-434F-8708-D5D914254A7D", "versionEndExcluding": "31.7.2", "versionStartIncluding": "31.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF47D6A6-2028-4547-A05E-EE9576AC557B", "versionEndExcluding": "32.5.1.5", "versionStartIncluding": "32.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server."}, {"lang": "es", "value": "Un problema de Control de Acceso descubierto en Extreme Networks Switch Engine (EXOS) anterior a 32.5.1.5, tambi\u00e9n solucionado en 22.7, 31.7.2, permite a los atacantes obtener privilegios aumentados utilizando comandos telnet manipulados a trav\u00e9s del servidor Redis."}], "id": "CVE-2023-43119", "lastModified": "2024-11-21T08:23:43.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-16T20:15:15.160", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}