CVE-2023-43118

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 16, 2023

Updated: Oct 27, 2023

CWE ID 352

Summary

CVE-2023-43118 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Extreme Networks Switch Engine (EXOS) in versions before 32.5.1.5. This issue permits attackers to execute arbitrary code and potentially cause unspecified impacts by exploiting the /jsonrpc API. The Chalet application is the targeted component. The vulnerability has been rectified in versions 31.7.2 and 32.5.1.5.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Extreme Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/st8Rkj
https://www.cve.org/CVERecord?id=CVE-2023-43118
https://nvd.nist.gov/vuln/detail/CVE-2023-43118

Back to Vulnerability Database

CVE-2023-43118

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations