CVE-2017-14332

Published Oct 23, 2017

Last updated 25 days ago

CVSS high 8.1

Overview

Description: Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:15.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10A3F12F-B2C4-430C-A17C-1D7E644DA1EA"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E4413DB-0B93-4111-B5A4-E6F35D7C6BF8"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6EAFB3-3747-4F28-A3E7-EE6BB32E82E9"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47CD1A1D-86F8-4421-9728-2C150562576C"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46FA8F0C-C560-4E34-BBA1-3DB8793458A7"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "477D6932-555D-4563-BCB8-FDDB537E1FED"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA9DBA4C-46D8-4094-B0AB-2682E77FBE70"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:16.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49C73AFB-C826-4370-BC69-AFE3C1575465"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1409DBBE-EADF-4237-BD2D-32EE2D28C985"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:21.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9311A95-4875-4ED7-A78B-62187A1D4DB7"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:21.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97E0D1F6-B4D9-4C9D-A840-AA1460B8FEF2"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:21.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DC4F9FE-D10C-4967-A1AA-273835DE8876"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:21.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0FF9EDE-448B-40DF-95B9-0924D590B8DE"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:22.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AA527BE-C0CD-4CA5-9713-58371D8F1F63"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:22.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C0F71B7-A9CA-4B07-9550-64761ED94433"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:22.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3232567C-B89C-46EA-96DB-FAB08181BC86"
          },
          {
            "criteria": "cpe:2.3:o:extremenetworks:extremexos:22.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A18321A-679E-4890-ACEA-CBD9231E3E18"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References