CVE-2025-11192

High CVSS: 8.4

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data.

Vendor

Extremenetworks

Product

Fabric Engine \(voss\)

CWE

CWE-287

Yayın Tarihi

2025-10-07 19:15:33

Güncelleme

2026-01-15 02:10:58

Source Identifier

1c053176-eef3-4d6a-ae0b-24728c86587b

KEV Date Added

Kategoriler

CWE-287 Fabric Engine \(voss\) HIGH Extremenetworks 2025

Referanslar

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000130291

Benzer Kayıtlar

High

CVE-2025-8679

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure…

Medium

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the…

Medium

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id fi…

Medium

CVE-2024-38290

In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.

High

CVE-2024-38291

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege esc…

Critical

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which ma…