Description: Endpoints of the Chalet application are vulnerable to CSRF allowing a cross-domain request to force an authenticated user to perform actions. This includes the /jsonrpc API which can force an admin user to execute commands on the device (RCE).
Versions Affected: 32.1.1.6
Version Fixed: See the vendors advisory
Researcher: David Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities
Advisory: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114379
Exploits a CSRF vulnerability against an admin user to run commands on the device.
As an authenticated admin, load the CSRF POC HTML.