CVE-2017-14332

moderate-risk

Published 2017-10-23

Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.

Do I need to act?

-

0.50% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (17)

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Extremexos

Affected Vendors

Extremenetworks

References (2)

Mitigation https://extremeportal.force.com/ExtrArticleDetail?n=000017765

Mitigation https://extremeportal.force.com/ExtrArticleDetail?n=000017765

45

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate