CVE-2023-43119 – An access control vulnerability in Extreme Netw... (How to Fix)

Q: What is the severity of CVE-2023-43119?

CVE-2023-43119 has a CVSS score of 9.8 (CRITICAL). An access control vulnerability in Extreme Networks Switch Engine (EXOS) allows attackers to gain escalated privileges via crafted telnet commands through the Redis server. This affects EXOS versions before 32.5.1.5, also fixed in 22.7 and 31.7.2. Attackers can potentially gain administrative control of affected network switches.

📋 TL;DR

An access control vulnerability in Extreme Networks Switch Engine (EXOS) allows attackers to gain escalated privileges via crafted telnet commands through the Redis server. This affects EXOS versions before 32.5.1.5, also fixed in 22.7 and 31.7.2. Attackers can potentially gain administrative control of affected network switches.

💻 Affected Systems

Products:

Extreme Networks Switch Engine (EXOS)

Versions: Versions before 32.5.1.5, also fixed in 22.7 and 31.7.2

Operating Systems: EXOS (network switch operating system)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires telnet access to the Redis server component. Systems with telnet disabled or Redis access restricted may be less vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of network switch with administrative privileges, enabling network traffic interception, configuration changes, and lateral movement to other systems.

🟠

Likely Case

Unauthorized administrative access to switch, allowing configuration changes, traffic monitoring, and potential denial of service.

🟢

If Mitigated

Limited impact if Redis server access is restricted and telnet is disabled in favor of secure protocols.

🌐 Internet-Facing: HIGH if telnet or Redis services are exposed to the internet, as exploitation requires network access to these services.

🏢 Internal Only: HIGH as internal attackers or compromised systems can exploit this to gain switch administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires telnet access to the Redis server. The vulnerability involves crafted telnet commands to bypass access controls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 32.5.1.5, 22.7, or 31.7.2

Vendor Advisory: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378

Restart Required: Yes

Instructions:

1. Download the patched EXOS version from Extreme Networks support portal. 2. Backup current configuration. 3. Upgrade switch firmware to 32.5.1.5, 22.7, or 31.7.2. 4. Reboot switch. 5. Verify version and functionality.

🔧 Temporary Workarounds

Disable Telnet Access

all

Disable telnet service to prevent exploitation via crafted telnet commands.

disable telnet

Restrict Redis Server Access

all

Configure firewall rules to restrict access to Redis server port (default 6379).

configure access-list to block unauthorized Redis access

🧯 If You Can't Patch

Disable telnet service and use SSH for management access
Implement network segmentation to restrict access to switch management interfaces

🔍 How to Verify

Check if Vulnerable:

Check EXOS version with 'show version' command. If version is before 32.5.1.5 and not 22.7 or 31.7.2, system is vulnerable.

Check Version:

show version

Verify Fix Applied:

After patching, run 'show version' to confirm version is 32.5.1.5, 22.7, or 31.7.2. Verify telnet is disabled if using workaround.

📡 Detection & Monitoring

Log Indicators:

Unusual telnet connection attempts to Redis port
Multiple failed authentication attempts followed by successful privileged access
Configuration changes from unexpected sources

Network Indicators:

Telnet traffic to Redis port (6379) from unauthorized sources
Unusual network traffic patterns from switch management interface

SIEM Query:

source_ip="switch_management_ip" AND (protocol="telnet" OR port=6379) AND event_type="authentication" AND result="success"

📊 Metadata

CVE ID: CVE-2023-43119

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-863

Published: October 16, 2023

Last Updated: November 21, 2024

🔗 References

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378 Vendor Advisory
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43119, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Exos by Extremenetworks

Exos by Extremenetworks

Exos by Extremenetworks

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Telnet Access

Restrict Redis Server Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities