CVE Vulnerabilities

CVE-2024-27453

Incorrect Privilege Assignment

Published: May 03, 2024 | Modified: Jun 10, 2025
CVSS 3.x: N/A
Source: NVD

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name          Vendor             Start Version    End Version
Extremexos    Extremenetworks    *                22.7 (excluding)
