Summary
Endpoints of the Chalet application are vulnerable to CSRF allowing a cross-domain request to force an authenticated user to perform actions. This includes the /jsonrpc API which can force an admin user to execute commands on the device (RCE).
Extreme Networks acknowledges and thanks David Yesland of Rhino Security Labs for reporting this vulnerability to Extreme under coordinated vulnerability disclosure protocols.
Products not listed in the Products Potentially Affected section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.
Products Potentially Affected
OS/Product |
Exposure |
Switch Engine (EXOS) |
Yes |
Repair Recommendations
Switch Engine (EXOS):
- Fixed in 22.7.5.1 or later.
- Fixed in 31.3.100 or later.
- Fixed in 31.7.2.28 or later.
- Fixed in 32.5.1.5 or later.
Please see the full Security Advisory article here for more details and updated information.