CVE Vulnerabilities

CVE-2020-18305

Improper Authentication

Published: May 14, 2024 | Modified: Jun 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Extremexos Extremenetworks * 22.7 (excluding)
Extremexos Extremenetworks 30.1 (including) 30.1 (including)

Potential Mitigations

References