CVE-2025-11192
📋 TL;DR
This vulnerability in Extreme Networks Fabric Engine (VOSS) allows attackers to gain unauthorized access to network fabric and configuration data when SD-WAN AutoSense is enabled. It affects VOSS versions before 9.3 and stems from improper authentication validation in ISIS protocol settings. Network administrators using affected VOSS configurations are at risk.
💻 Affected Systems
- Extreme Networks Fabric Engine (VOSS)
📦 What is this software?
Fabric Engine (VOSS) by Extreme Networks
⚠️ Risk & Real-World Impact
Worst Case
Complete network fabric compromise allowing data exfiltration, configuration manipulation, and lateral movement across the entire network infrastructure.
Likely Case
Unauthorized access to sensitive network configuration data and potential disruption of SD-WAN operations.
If Mitigated
Limited impact with proper network segmentation and monitoring, though configuration data exposure remains possible.
🎯 Exploit Status
Exploitation requires network access to vulnerable ports with SD-WAN AutoSense enabled
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 9.3 or later
Vendor Advisory: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000130291
Restart Required: Yes
Instructions:
1. Download VOSS version 9.3 or later from Extreme Networks support portal.
2. Backup current configuration.
3. Apply the update following Extreme Networks upgrade procedures.
4. Restart affected devices.
5. Verify SD-WAN AutoSense functionality post-upgrade.
🔧 Temporary Workarounds
Disable SD-WAN AutoSense
Temporarily disable SD-WAN AutoSense on all ports until patching can be completed
configure terminal
interface <interface-name>
no sd-wan autosense enable
Implement Network Segmentation
Isolate vulnerable ports using VLANs or firewall rules to limit attack surface
🧯 If You Can't Patch
- Implement strict network access controls to limit traffic to vulnerable ports
- Enable enhanced logging and monitoring for unauthorized access attempts to SD-WAN AutoSense interfaces
🔍 How to Verify
Check if Vulnerable:
Check VOSS version with 'show version' and verify if SD-WAN AutoSense is enabled on any ports with 'show running-config | include sd-wan autosense'
Check Version:
show version
Verify Fix Applied:
Verify version is 9.3 or later with 'show version' and confirm SD-WAN AutoSense functionality is working properly
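The two checks above can be combined into one triage pass over saved device output. This is an added example, not code from the vendor or from this page. It assumes the version string has already been copied out of 'show version', that an enabled port shows a line containing "sd-wan autosense" without a leading "no" inside its interface block, and it uses constructed interface names.

```python
import re

FIXED_VERSION = (9, 3)  # per the advisory: fixed in VOSS 9.3 or later


def version_tuple(version):
    """'9.2.1.0' -> (9, 2, 1, 0). Compared as integers so 9.10 > 9.3."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"no leading version number in {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def autosense_interfaces(running_config):
    """Interfaces whose block leaves SD-WAN AutoSense on (assumed syntax)."""
    enabled, current = [], None
    for raw in running_config.splitlines():
        line = raw.strip().lower()
        if line.startswith("interface "):
            current = raw.strip()[len("interface "):]
        elif line == "exit":
            current = None
        elif "sd-wan autosense" in line and not line.startswith("no "):
            name = current or "<global>"
            if name not in enabled:
                enabled.append(name)
    return enabled


def assess(version, running_config):
    """Return (status, exposed_interfaces) for one device."""
    ports = autosense_interfaces(running_config)
    if version_tuple(version) >= FIXED_VERSION:
        return "patched", ports
    return ("vulnerable" if ports else "unpatched-not-exposed"), ports


# Constructed sample, not real device output.
SAMPLE_CONFIG = """\
interface GigabitEthernet 1/1
sd-wan autosense enable
exit
interface GigabitEthernet 1/2
no sd-wan autosense enable
exit
"""

if __name__ == "__main__":
    print(assess("9.2.1.0", SAMPLE_CONFIG))
```

A device reported as "unpatched-not-exposed" still needs the upgrade; it only means the workaround is currently in effect on every parsed interface.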
📡 Detection & Monitoring
Log Indicators:
- Unauthorized ISIS authentication attempts
- Unexpected SD-WAN AutoSense configuration changes
- Access to fabric configuration from unauthorized sources
Network Indicators:
- Unusual ISIS protocol traffic to SD-WAN AutoSense enabled ports
- Unexpected configuration data transfers from fabric devices
SIEM Query:
source="voss_logs" AND (event_type="authentication_failure" OR event_type="configuration_change") AND (process="ISIS" OR process="SD-WAN")