CVE-2023-35803

Published: Oct 4, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.

Affected (2)

Products: Extremenetworks: Iq Engine

Extremenetworks

1 product

Configuration A

1 vulnerable · 21 platform

Vulnerable Software	Affected Versions
Extremenetworks Iq Engine	Before 10.6r2

Running on/with	Platform Versions
Extremenetworks Ap3000	All versions
Extremenetworks Ap3000x	All versions
Extremenetworks Ap302w	All versions
Extremenetworks Ap305c	All versions
Extremenetworks Ap305c 1	All versions
Extremenetworks Ap305cx	All versions
Extremenetworks Ap4000	All versions
Extremenetworks Ap4000 1	All versions
Extremenetworks Ap410c	All versions
Extremenetworks Ap410c 1	All versions
Extremenetworks Ap460c	All versions
Extremenetworks Ap460s12c	All versions
Extremenetworks Ap460s6c	All versions
Extremenetworks Ap5010	All versions
Extremenetworks Ap5050d	All versions
Extremenetworks Ap5050u	All versions
Extremenetworks Ap510c	All versions
Extremenetworks Ap510cx	All versions
Extremenetworks Ap630	All versions
Extremenetworks Ap650	All versions
Extremenetworks Ap650x	All versions

Configuration B

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Extremenetworks Iq Engine	Before 10.6r5

Running on/with	Platform Versions
Extremenetworks Ap1130	All versions
Extremenetworks Ap122	All versions
Extremenetworks Ap130	All versions
Extremenetworks Ap150w	All versions
Extremenetworks Ap250	All versions
Extremenetworks Ap30	All versions
Extremenetworks Ap550	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-067-iq-engine-acsd-service-buffer-overflow-cve-2023/ba-p/96472

Source: cve@mitre.org

Vendor Advisory

https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-067-iq-engine-acsd-service-buffer-overflow-cve-2023/ba-p/96472

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.