
CERT Coordination Center

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

Vulnerability Note VU#937838

Original Release Date: 2005-05-18 | Last Revised: 2005-05-25


Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level (root) privileges.


Extreme Networks switches running ExtremeWare XOS contain a vulnerability that permits any authenticated XOS user, including those created as non-privileged XOS users, to execute arbitrary commands as the super user of the underlying operating system.

In order to exploit this vulnerability, the user must be authenticated to XOS.


Any authenticated XOS user can potentially execute arbitrary commands with administrator-level access to the underlying operating system of the switches.


Apply a patch available from the vendor. For more information, see the vendor field notice FN0215.


Both before and after the patch is applied, consider restricting account access to only those users who are authorized to make configuration changes. It is also advisable to consider the use of firewalls/port blocking to restrict network authentication access to as few hosts as practical. Note that this will not completely mitigate this vulnerability, but will limit the vectors for attack.

Vendor Information


Extreme Networks: Affected

Notified: April 27, 2005 | Updated: May 18, 2005



Vendor Statement

The Field notice has been published on the extremenetworks website.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.




Thanks to Extreme Networks for directly reporting this vulnerability and providing analytical information. Extreme Networks in turn thanks Matt Johnson and Stuart McRobert, Department of Computing, Imperial College London, who discovered and reported the vulnerability to Extreme Networks.

This document was written by Robert Mead.

Other Information

CVE IDs: CVE-2005-1670
Severity Metric: 4.95
Date Public: 2005-05-12
Date First Published: 2005-05-18
Date Last Updated: 2005-05-25 18:39 UTC
Document Revision: 21

Sponsored by CISA.