Remote, Unauthenticated XML Entity Expansion Denial of Service in ExtremeWireless WiNG Access Point/Controller

Remote, Unauthenticated XML Entity Expansion Denial of Service in ExtremeWireless WiNG Access Point/Controller

CVE-2018-5789 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.

Learn more about our Web App Pen Testing.