CVE-2023-35802 - OpenCVE

IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Extremenetworks	Ap1130 Ap122 Ap130 Ap150w Ap250 Ap30 Ap3000 Ap3000x Ap302w Ap305c Ap305c-1 Ap305cx Ap4000 Ap4000-1 Ap410c Ap410c-1 Ap460c Ap460s12c Ap460s6c Ap5010 Ap5050d Ap5050u Ap510c Ap510cx Ap550 Ap630 Ap650 Ap650x Iq Engine

Configuration 1 [-]

AND

cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:extremenetworks:ap122:-:::::::*
	cpe:2.3:h:extremenetworks:ap130:-:::::::*
	cpe:2.3:h:extremenetworks:ap150w:-:::::::*
	cpe:2.3:h:extremenetworks:ap250:-:::::::*
	cpe:2.3:h:extremenetworks:ap30:-:::::::*
	cpe:2.3:h:extremenetworks:ap3000:-:::::::*
	cpe:2.3:h:extremenetworks:ap3000x:-:::::::*
	cpe:2.3:h:extremenetworks:ap302w:-:::::::*
	cpe:2.3:h:extremenetworks:ap305c:-:::::::*
	cpe:2.3:h:extremenetworks:ap305c-1:-:::::::*
	cpe:2.3:h:extremenetworks:ap305cx:-:::::::*
	cpe:2.3:h:extremenetworks:ap4000:-:::::::*
	cpe:2.3:h:extremenetworks:ap4000-1:-:::::::*
	cpe:2.3:h:extremenetworks:ap410c:-:::::::*
	cpe:2.3:h:extremenetworks:ap410c-1:-:::::::*
	cpe:2.3:h:extremenetworks:ap460c:-:::::::*
	cpe:2.3:h:extremenetworks:ap460s12c:-:::::::*
	cpe:2.3:h:extremenetworks:ap460s6c:-:::::::*
	cpe:2.3:h:extremenetworks:ap5010:-:::::::*
	cpe:2.3:h:extremenetworks:ap5050d:-:::::::*
	cpe:2.3:h:extremenetworks:ap5050u:-:::::::*
	cpe:2.3:h:extremenetworks:ap510c:-:::::::*
	cpe:2.3:h:extremenetworks:ap510cx:-:::::::*
	cpe:2.3:h:extremenetworks:ap630:-:::::::*
	cpe:2.3:h:extremenetworks:ap650:-:::::::*
	cpe:2.3:h:extremenetworks:ap650x:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:extremenetworks:ap1130:-:::::::*
	cpe:2.3:h:extremenetworks:ap550:-:::::::*

No data.

References

Link	Providers
https://extremeportal.force.com/ExtrArticleDetail?an=000112741

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-15T00:00:00

Updated: 2024-08-02T16:30:45.237Z

Reserved: 2023-06-17T00:00:00

Link: CVE-2023-35802

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-15T02:15:08.803

Modified: 2023-07-26T21:39:28.837

Link: CVE-2023-35802

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object