CVE-2023-35802
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
Affected (2)
Products: Extremenetworks: Iq Engine
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.6r1 |
| Running on/with | Platform Versions |
|---|---|
Extremenetworks Ap122 | All versions |
Extremenetworks Ap130 | All versions |
Extremenetworks Ap150w | All versions |
Extremenetworks Ap250 | All versions |
Extremenetworks Ap30 | All versions |
Extremenetworks Ap3000 | All versions |
Extremenetworks Ap3000x | All versions |
Extremenetworks Ap302w | All versions |
Extremenetworks Ap305c | All versions |
Extremenetworks Ap305c 1 | All versions |
Extremenetworks Ap305cx | All versions |
Extremenetworks Ap4000 | All versions |
Extremenetworks Ap4000 1 | All versions |
Extremenetworks Ap410c | All versions |
Extremenetworks Ap410c 1 | All versions |
Extremenetworks Ap460c | All versions |
Extremenetworks Ap460s12c | All versions |
Extremenetworks Ap460s6c | All versions |
Extremenetworks Ap5010 | All versions |
Extremenetworks Ap5050d | All versions |
Extremenetworks Ap5050u | All versions |
Extremenetworks Ap510c | All versions |
Extremenetworks Ap510cx | All versions |
Extremenetworks Ap630 | All versions |
Extremenetworks Ap650 | All versions |
Extremenetworks Ap650x | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.6r5 |
| Running on/with | Platform Versions |
|---|---|
Extremenetworks Ap1130 | All versions |
Extremenetworks Ap550 | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.