Crafted HTTP POST Request Can Escalate Privileges to Root in Extreme XOS
CVE-2024-27453

8.6HIGH

Key Information:

Vendor: Extreme Networks
Status: Extremexos
Vendor: CVE Published:; 3 May 2024

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2024-27453?

A vulnerability has been identified in Extreme XOS, affecting versions up to 22.6.1.4, where a read-only user can escalate their privileges to root. This is achieved by sending a specially crafted HTTP POST request to the Machine-to-Machine Interface (MMI) through a Python method. Exploitation of this vulnerability could allow unauthorized access and control over the affected system, posing significant security risks.

References

https://www.exsiliumsecurity.com/CVE-2024-27453.html

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024

CVE-2024-27453 Data

JSON