Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Extreme Networks Aerohive HiveOS Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Extreme Networks Aerohive HiveOS versions through 11.x. This vulnerability allows unauthenticated attackers to disrupt service by sending crafted HTTP requests to the NetConfig UI. The exploitation of this vulnerability causes the web interface to become unresponsive for approximately five minutes.

Impact

Exploitation of this vulnerability leads to a temporary denial-of-service condition, causing the application to become unresponsive for about five minutes.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the 'action.php5' script with specific parameters that trigger the 'CliWindow' function. This can be done using a proof-of-concept script that automates the process.
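The reproduction above gives defenders two concrete strings to watch for: requests to action.php5 that reference CliWindow. The following is an added detection example, not code from the advisory or from Extreme Networks. It parses constructed Common Log Format access-log lines (addresses, timestamps and the "page" query-parameter name are made up; the advisory does not state which parameters trigger CliWindow, so the check matches CliWindow anywhere in the query string) and flags sources that send a burst of such requests, which is the pattern a scripted trigger would produce.

```python
"""Flag access-log entries matching the HiveOS NetConfig UI DoS pattern."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample access-log lines in Common Log Format. Addresses,
# timestamps and the query-parameter name "page" are assumptions made for
# this example; the advisory does not name the triggering parameters.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jan/2026:16:40:01 +0000] "GET /action.php5?page=CliWindow HTTP/1.1" 200 512
203.0.113.7 - - [06/Jan/2026:16:40:02 +0000] "GET /action.php5?page=CliWindow HTTP/1.1" 200 512
203.0.113.7 - - [06/Jan/2026:16:40:03 +0000] "POST /action.php5?page=CliWindow HTTP/1.1" 200 64
198.51.100.9 - - [06/Jan/2026:16:41:10 +0000] "GET /index.php5 HTTP/1.1" 200 2048
198.51.100.9 - - [06/Jan/2026:16:41:12 +0000] "GET /action.php5?page=Status HTTP/1.1" 200 900
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_cliwindow_request(target):
    """True when the request targets action.php5 and references CliWindow."""
    parts = urlsplit(target)
    path_ok = parts.path.lower().endswith("/action.php5")
    return path_ok and "cliwindow" in parts.query.lower()


def find_suspicious_requests(log_text):
    """Return parsed records for every request matching the DoS pattern."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_cliwindow_request(rec["target"]):
            hits.append(rec)
    return hits


def burst_sources(log_text, threshold=3, window_seconds=60):
    """Source IPs that sent >= threshold matching requests inside one window.

    A single matching request may be an administrator using the UI; a burst
    from one source within a short window is the signal worth alerting on.
    """
    per_ip = defaultdict(list)
    for rec in find_suspicious_requests(log_text):
        per_ip[rec["ip"]].append(rec["time"])
    flagged = []
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans <= window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


if __name__ == "__main__":
    for rec in find_suspicious_requests(SAMPLE_LOG):
        print(rec["ip"], rec["ts"], rec["method"], rec["target"])
    print("burst sources:", burst_sources(SAMPLE_LOG))
```

Point the parser at whatever access log a reverse proxy or log collector produces for the NetConfig UI (the CLF layout is an assumption; adjust LOG_RE to the actual format). Because the UI stays unresponsive for about five minutes after a trigger, correlating a flagged burst with a gap in subsequent 200 responses from the same interface is a useful confirmation step.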

Remediation

Extreme Networks has not yet released a patch for this vulnerability. However, the web server UI can be disabled via the command line interface.

Added: Jan 6, 2026, 4:53 PM
Updated: Jan 6, 2026, 4:53 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 1.9
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.