CVE-2024-38292

Critical CVSS: 9.8

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.

Vendor

Extremenetworks

Product

Xiq-se

CWE

CWE-22

Yayın Tarihi

2025-02-27 22:15:38

Güncelleme

2025-07-11 16:27:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-22 Xiq-se CRITICAL Extremenetworks 2025

Referanslar

https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362

Benzer Kayıtlar

High

CVE-2025-11192

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on…

High

CVE-2025-8679

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure…

Medium

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the…

Medium

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id fi…

Medium

CVE-2024-38290

In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.

High

CVE-2024-38291

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege esc…