Overview
- Description
- Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-352
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51484ECC-3B51-434F-8708-D5D914254A7D",
"versionEndExcluding": "31.7.2",
"versionStartIncluding": "31.7.0"
},
{
"criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF47D6A6-2028-4547-A05E-EE9576AC557B",
"versionEndExcluding": "32.5.1.5",
"versionStartIncluding": "32.0"
}
],
"operator": "OR"
}
]
}
]