PatchSiren

ExtremePacs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH ExtremePacs CVE published 2024-04-05

CVE-2023-6523

CVE-2023-6523 describes an authorization bypass in ExtremePacs Extreme XDS caused by a user-controlled key, enabling authentication abuse. The issue affects Extreme XDS versions before 3914 and carries a CVSS 3.1 score of 8.8 (HIGH). Public references include NVD and USOM advisories, and the weakness was mapped to CWE-639 in the source corpus. Organizations running Extreme XDS should verify whether they a [truncated]

HIGH ExtremePacs CVE published 2024-04-05

CVE-2023-6522

CVE-2023-6522 is an Extreme XDS vulnerability described as an incorrect use of privileged APIs that can allow collection of data as provided by users. The affected range is versions before 3914. The NVD record rates the issue 7.2 (HIGH) and describes it as remotely reachable without authentication or user interaction.