Vulnerability Notices || VN 2017-003 & VN 2017-004

  • 1
  • Announcement
  • Updated 4 months ago
  • (Edited)
Extreme Networks has been made aware of a number of vulnerabilities present in its ExtremeXOS software. These vulnerabilities have been resolved in currently available releases and are described in two separate Vulnerability Notices, listed below: Customers with a current maintenance and support contract may access the Extreme Portal for software updates at:

If you have additional questions concerning this information, post a response below or contact your Extreme Networks representative.

NOTE: Extreme's Vulnerability Notices are posted in the GTAC Knowledge section of the Extreme Portal.
Photo of Drew C.

Drew C., Community Manager

  • 35,982 Points 20k badge 2x thumb

Posted 4 months ago

  • 1
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,606 Points 10k badge 2x thumb

VN 2017-003 is a bit funny, since other vendors allow root access to the switches by default and admin privileges are needed to escalate to root.

I accept that a possibility to restrict root access by configuration can be useful, as planned for addressing the "vulnerabilities."