exploitDog

CVE-2025-11192

Опубликовано: 07 окт. 2025

Источник: nvd

CVSS3: 8.6

EPSS Низкий

Описание

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data.

Ссылки

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000130291
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:extremenetworks:fabric_engine_\(voss\):*:*:*:*:*:*:*:*

Версия до 9.3 (исключая)

EPSS

Процентиль: 25%

0.00084

Низкий

8.6 High

CVSS3

Дефекты

CWE-287

NVD-CWE-noinfo

Связанные уязвимости

GHSA-h5c2-mv2m-wmgj

CVSS3: 8.6

github

4 месяца назад

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data.

EPSS

Процентиль: 25%

0.00084

Низкий

8.6 High

CVSS3

Дефекты

CWE-287

NVD-CWE-noinfo