IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
References
| Link | Resource |
|---|---|
| https://extremeportal.force.com/ExtrArticleDetail?an=000112741 | Vendor Advisory |
| https://extremeportal.force.com/ExtrArticleDetail?an=000112741 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
History
21 Nov 2024, 08:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://extremeportal.force.com/ExtrArticleDetail?an=000112741 - Vendor Advisory |
26 Jul 2023, 21:39
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | (CONFIRM) https://extremeportal.force.com/ExtrArticleDetail?an=000112741 - Vendor Advisory | |
| CWE | CWE-120 | |
| First Time |
Extremenetworks ap550
Extremenetworks ap305c-1 Extremenetworks ap122 Extremenetworks ap4000-1 Extremenetworks ap4000 Extremenetworks ap630 Extremenetworks ap150w Extremenetworks ap5050d Extremenetworks ap305c Extremenetworks iq Engine Extremenetworks ap3000 Extremenetworks ap650 Extremenetworks ap302w Extremenetworks ap3000x Extremenetworks ap130 Extremenetworks ap305cx Extremenetworks ap460c Extremenetworks ap510cx Extremenetworks ap1130 Extremenetworks ap250 Extremenetworks ap410c Extremenetworks ap5050u Extremenetworks ap650x Extremenetworks ap460s12c Extremenetworks ap510c Extremenetworks Extremenetworks ap460s6c Extremenetworks ap410c-1 Extremenetworks ap5010 Extremenetworks ap30 |
|
| CPE | cpe:2.3:h:extremenetworks:ap4000-1:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap5010:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap460c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap550:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap5050u:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap650x:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap305cx:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap5050d:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap630:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap460s12c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap1130:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap650:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap460s6c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap305c-1:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap510cx:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap410c-1:-:*:*:*:*:*:*:* cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap410c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap4000:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap510c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:* |
15 Jul 2023, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-15 02:15
Updated : 2024-11-21 08:08
NVD link : CVE-2023-35802
Mitre link : CVE-2023-35802
CVE.ORG link : CVE-2023-35802
JSON object : View
Products Affected
extremenetworks
- ap410c-1
- ap4000-1
- ap650
- ap550
- ap460c
- ap302w
- ap130
- ap460s12c
- ap460s6c
- ap305c-1
- ap5010
- iq_engine
- ap3000x
- ap122
- ap1130
- ap510cx
- ap410c
- ap650x
- ap3000
- ap510c
- ap305c
- ap5050u
- ap150w
- ap630
- ap5050d
- ap250
- ap4000
- ap30
- ap305cx
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')