Extreme Networks

SamPirok · ‎04-04-2022

Please be advised that SA-2022-003 has been published. This is a first in a series of "Spring4Shell" advisories.

Security Advisory Link: Security Advisory: SA-2022-003 – "Spring4Shell" (CVE-2022-22965) | Extreme Portal (force.com)

Summary:

A Spring MVC or Spring WebFlux application may be vulnerable to remote code execution (RCE) via data binding. You can find a list of all products and whether or not they are effected by this advisory in the article linked above.

Danny_Schaper · ‎04-29-2022

@Sam Pirok When will these articles be updated? There are still some products under investigation...

SamPirok · ‎04-29-2022

Hi Danny, those articles should be updated as soon as we know more. If you can let me know which product you're interested in, I can double check internally to see if I can find anything out for you?

Danny_Schaper · ‎04-29-2022

Hi Sam. Thanks for your quick response. I'm interested in BOSS and WiNG products in this case.

Danny_Schaper · ‎05-11-2022

Hi Sam, any news on this?

SamPirok · ‎05-25-2022

Hi Danny, sorry for the long wait here. I've just been told that we've updated our documentation to show that these products are not affected by the above CVE. Please let me know if I can help with anything else, and thanks very much for your patience.

Danny_Schaper · ‎05-30-2022

Hi Sam, I've noticed that last Wednesday. Thanks!

Extreme Networks

Security Advisory - SA-2022-003 - "Spring4Shell" (CVE-2022-22965)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)