CVE Tools

extremenetworks

Networking InfrastructureUScommercial

17

Cumulative CVEs

5

Monthly snapshots

#68

Peak rank

Top products

exos4 iq engine1

Latest CVEs

The 15 most recently published vulnerabilities affecting extremenetworks.

CVE-2026-0689XIQ‑SE NAC Admin Credential Exposure via HTTP Response4.9Mar 2, 2026
CVE-2025-11192Fabric Engine (VOSS) AutoSense Authentication Bypass8.6Oct 7, 2025
CVE-2025-8679ExtremeGuest Essentials Captive Portal Unauthenticated Brute Force9.8Oct 1, 2025
CVE-2025-6235ExtremeControl (NAC) 'onmouseover' XSS6.1Jul 21, 2025
CVE-2025-6083ExtremeCloud Universal ZTNA Improper Authorization4.3Jun 13, 2025
CVE-2024-38292In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.9.8Feb 27, 2025
CVE-2024-38291In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.8.8Feb 27, 2025
CVE-2024-38290In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.5.3Feb 27, 2025
CVE-2020-18305Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or esc...8.0May 13, 2024
CVE-2024-27453In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).8.6May 3, 2024
CVE-2023-43121A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.7.5Oct 16, 2023
CVE-2023-43120An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.8.8Oct 16, 2023
CVE-2023-43119An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands v...9.8Oct 16, 2023
CVE-2023-43118Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code a...8.8Oct 16, 2023
CVE-2023-35803IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.9.8Oct 4, 2023