CVE Vulnerabilities

CVE-2017-14330

Improper Privilege Management

Published: Oct 23, 2017 | Modified: Oct 03, 2019
CVSS 3.x: 6.7 MEDIUM (Source: NVD)
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x: 7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name        Vendor           Start Version  End Version
Extremexos  Extremenetworks  21.1           21.1
Extremexos  Extremenetworks  21.1.1         21.1.1
Extremexos  Extremenetworks  21.1.2         21.1.2
Extremexos  Extremenetworks  21.1.3         21.1.3
Extremexos  Extremenetworks  21.1.4         21.1.4
Extremexos  Extremenetworks  22.1           22.1
Extremexos  Extremenetworks  22.2           22.2
Extremexos  Extremenetworks  22.3           22.3
Extremexos  Extremenetworks  22.4           22.4
Extremexos  Extremenetworks  16.1.2         16.1.2
Extremexos  Extremenetworks  16.1.3         16.1.3
Extremexos  Extremenetworks  16.1.4         16.1.4
Extremexos  Extremenetworks  16.2           16.2
Extremexos  Extremenetworks  16.2.2         16.2.2
Extremexos  Extremenetworks  16.2.3         16.2.3
Extremexos  Extremenetworks  16.2.4         16.2.4
Extremexos  Extremenetworks  15.7           15.7

Potential Mitigations

References