Unauthorized Access Vulnerability in XIQ-SE by Extreme Networks
CVE-2024-38291

8.8HIGH

Key Information:

Vendor: Extreme Networks
Status: XIQ-SE
Vendor: CVE Published:; 27 February 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2024-38291?

A vulnerability in XIQ-SE before version 24.2.11 allows a low-privileged user to gain access to admin passwords. This unauthorized access poses significant security risks as it could lead to privilege escalation, enabling malicious actors to perform unauthorized actions within the system. Users of XIQ-SE should update to the latest version to mitigate potential threats associated with this vulnerability.

References

https://community.extremenetworks.com/t5/security-advisor...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Jun 13, 2024

CVE-2024-38291 Data

JSON