SA-2023-102 – Privilege escalation via forged HTTP request (CVE-2023-43120)

Extreme Networks Security Advisory

It is possible to escalate permissions from a user with “read-only” permissions to an administrator “read-write” permissions by using the telnet tool may be used to forge an HTTP request to obtain administrator privilege.

Extreme Networks acknowledges and thanks David Yesland of Rhino Security Labs for reporting this vulnerability to Extreme under coordinated vulnerability disclosure protocols.