Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Extremexos | Extremenetworks | 15.7 (including) | 15.7 (including) |
| Extremexos | Extremenetworks | 16.1.2 (including) | 16.1.2 (including) |
| Extremexos | Extremenetworks | 16.1.3 (including) | 16.1.3 (including) |
| Extremexos | Extremenetworks | 16.1.4 (including) | 16.1.4 (including) |
| Extremexos | Extremenetworks | 16.2 (including) | 16.2 (including) |
| Extremexos | Extremenetworks | 16.2.2 (including) | 16.2.2 (including) |
| Extremexos | Extremenetworks | 16.2.3 (including) | 16.2.3 (including) |
| Extremexos | Extremenetworks | 16.2.4 (including) | 16.2.4 (including) |
| Extremexos | Extremenetworks | 21.1 (including) | 21.1 (including) |
| Extremexos | Extremenetworks | 21.1.1 (including) | 21.1.1 (including) |
| Extremexos | Extremenetworks | 21.1.2 (including) | 21.1.2 (including) |
| Extremexos | Extremenetworks | 21.1.3 (including) | 21.1.3 (including) |
| Extremexos | Extremenetworks | 21.1.4 (including) | 21.1.4 (including) |
| Extremexos | Extremenetworks | 22.1 (including) | 22.1 (including) |
| Extremexos | Extremenetworks | 22.2 (including) | 22.2 (including) |
| Extremexos | Extremenetworks | 22.3 (including) | 22.3 (including) |
| Extremexos | Extremenetworks | 22.4 (including) | 22.4 (including) |