Extreme Networks Aerohive HiveOS 11.x Denial Of Service
Posted by deepcore on May 7, 2020 – 7:54 pm
Remote denial of service exploit for Extreme Networks Aerohive HiveOS versions 11.x and below. An unauthenticated malicious user can trigger a denial of service (DoS) by sending specific application-layer packets to the Aerohive NetConfig UI. This proof-of-concept exploit renders the application unusable for 305 seconds, or 5 minutes, with a single HTTP request that uses the action.php5 script to call the CliWindow function through the _page parameter, denying access to the web server's Hive user interface.
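For defenders, the request described above can be looked for in web access logs. The following is an added detection example, not code from the original post or from Extreme Networks. It assumes the logs are in common/combined log format (for instance from a proxy in front of the NetConfig UI) and that the _page parameter appears in the logged query string; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_cliwindow_request(target):
    """True if the request target is action.php5 with _page=CliWindow."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != "action.php5":
        return False
    # parse_qs percent-decodes names and values, so %43liWindow also matches.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() == "_page":
            if any(v.strip().lower() == "cliwindow" for v in values):
                return True
    return False

def find_hits(lines):
    """Return (client, timestamp, status) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_cliwindow_request(m.group("target")):
            hits.append((m.group("client"), m.group("ts"), m.group("status")))
    return hits

def hits_per_client(lines):
    """Count matching requests per source address for triage."""
    return Counter(client for client, _, _ in find_hits(lines))

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/May/2020:19:40:01 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/May/2020:19:41:12 +0000] "GET /action.php5?_page=CliWindow HTTP/1.1" 200 0',
    '198.51.100.7 - - [07/May/2020:19:46:20 +0000] "GET /action.php5?_page=%43liWindow HTTP/1.1" 200 0',
    '192.0.2.10 - - [07/May/2020:19:47:00 +0000] "GET /action.php5?_page=Other HTTP/1.1" 200 812',
    '203.0.113.5 - - [07/May/2020:19:48:00 +0000] "GET /static/action.php5.bak?_page=CliWindow HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, count in hits_per_client(SAMPLE_LOG).items():
        print(f"{client}: {count} CliWindow request(s) to action.php5")
```

A request body is not recorded in access logs, so if the parameter is sent in a POST body this check needs request inspection at the proxy instead.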