IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
References
| Link | Resource |
|---|---|
| https://extremeportal.force.com/ExtrArticleDetail?an=000112741 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
History
26 Jul 2023, 21:39
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-120 | |
| CPE | cpe:2.3:h:extremenetworks:ap5050u:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap460s6c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:* cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap5010:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap460s12c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap305c-1:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap460c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap630:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap510cx:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap550:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap4000-1:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap410c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap650:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap1130:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap5050d:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap510c:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap4000:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap650x:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap305cx:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap410c-1:-:*:*:*:*:*:*:* cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:* |
|
| References | (CONFIRM) https://extremeportal.force.com/ExtrArticleDetail?an=000112741 - Vendor Advisory | |
| First Time |
Extremenetworks ap4000
Extremenetworks ap460s12c Extremenetworks ap630 Extremenetworks Extremenetworks ap1130 Extremenetworks iq Engine Extremenetworks ap250 Extremenetworks ap30 Extremenetworks ap305c-1 Extremenetworks ap410c Extremenetworks ap460s6c Extremenetworks ap305c Extremenetworks ap510cx Extremenetworks ap5010 Extremenetworks ap3000 Extremenetworks ap5050d Extremenetworks ap305cx Extremenetworks ap122 Extremenetworks ap3000x Extremenetworks ap302w Extremenetworks ap5050u Extremenetworks ap510c Extremenetworks ap460c Extremenetworks ap650x Extremenetworks ap650 Extremenetworks ap410c-1 Extremenetworks ap550 Extremenetworks ap150w Extremenetworks ap4000-1 Extremenetworks ap130 |
15 Jul 2023, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-15 02:15
Updated : 2023-07-26 21:39
NVD link : CVE-2023-35802
Mitre link : CVE-2023-35802
JSON object : View
Products Affected
extremenetworks
- ap650
- ap5050u
- ap630
- ap460s12c
- ap510cx
- ap122
- ap5050d
- ap250
- ap305c
- ap510c
- ap460c
- ap150w
- ap302w
- ap130
- iq_engine
- ap460s6c
- ap30
- ap4000-1
- ap1130
- ap4000
- ap305cx
- ap3000
- ap410c
- ap410c-1
- ap650x
- ap305c-1
- ap550
- ap5010
- ap3000x
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')