Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Extremexos | Extremenetworks | 15.7 (including) | 15.7 (including) |
| Extremexos | Extremenetworks | 16.1.2 (including) | 16.1.2 (including) |
| Extremexos | Extremenetworks | 16.1.3 (including) | 16.1.3 (including) |
| Extremexos | Extremenetworks | 16.1.4 (including) | 16.1.4 (including) |
| Extremexos | Extremenetworks | 16.2 (including) | 16.2 (including) |
| Extremexos | Extremenetworks | 16.2.2 (including) | 16.2.2 (including) |
| Extremexos | Extremenetworks | 16.2.3 (including) | 16.2.3 (including) |
| Extremexos | Extremenetworks | 16.2.4 (including) | 16.2.4 (including) |
| Extremexos | Extremenetworks | 21.1 (including) | 21.1 (including) |
| Extremexos | Extremenetworks | 21.1.1 (including) | 21.1.1 (including) |
| Extremexos | Extremenetworks | 21.1.2 (including) | 21.1.2 (including) |
| Extremexos | Extremenetworks | 21.1.3 (including) | 21.1.3 (including) |
| Extremexos | Extremenetworks | 21.1.4 (including) | 21.1.4 (including) |
| Extremexos | Extremenetworks | 22.1 (including) | 22.1 (including) |
| Extremexos | Extremenetworks | 22.2 (including) | 22.2 (including) |
| Extremexos | Extremenetworks | 22.3 (including) | 22.3 (including) |
| Extremexos | Extremenetworks | 22.4 (including) | 22.4 (including) |