CVE-2023-35802

Published Jul 15, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0492F4F6-AF0B-478C-8D7C-68DCE2AB1989",
            "versionEndExcluding": "10.6r1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "60779E2E-9C16-430C-AAD5-51410B5894E5"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0BA56D5-E3C8-402F-8852-F7F9864C3A7F"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95B91235-8FB7-4BB2-99BC-D53074ECEEE3"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2831D50B-3BCE-4166-BDD6-E38317B92E2C"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "27CCA45A-C187-46AE-825C-0DF85824CD3E"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "96D3DFF3-8C35-4860-B904-DDEEA6C68827"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4303FD05-94B4-4D42-BBB9-1E5725DC89C6"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3B393FA2-8528-4977-B2F3-D42FF4A78E5B"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9384ECB-2EAF-4049-A644-481E9BE00FA9"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap305c-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE2C4A69-7A54-45E9-9940-99272E41FC21"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap305cx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "001C25E7-F884-4AFD-80DB-40FB6742292B"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap4000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CCDCBF18-E614-4F63-8C0A-BF28E47B4D6C"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap4000-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CBA85B9D-5D40-44CA-B345-A9B33E2854D6"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap410c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E5F69587-452F-474A-9389-F9AFE439285C"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap410c-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "56CA142E-9947-4854-9F56-1D24F45F7A2D"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap460c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E0E816A-C583-4985-94D2-E97B8B87A818"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap460s12c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36189326-1798-4312-B61B-BB9DEFB94028"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap460s6c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4207CD0-E7DF-4DAB-BEE6-93387D5C29BB"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap5010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E2A0429-3DCB-4E33-9145-D80005B85150"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap5050d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EF2B1AB3-EB5D-46B3-B5E0-6A7A8151403E"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap5050u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E8E2F84-964A-49CB-B00C-080669298FB6"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap510c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8123B7E3-28A2-4786-95B5-804B8FBF0E53"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap510cx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D76938F-9812-4E8D-9C37-1A05FAE27CD7"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap630:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "98AFB5E8-BBBB-401C-AEEC-CF36DBB1D07E"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1053DDC0-0385-4A86-80E1-D4424274F550"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap650x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E838B1A4-542F-421E-967C-7437C449E465"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B79A1496-89B4-4871-90B1-D8CB936EFB7C",
            "versionEndExcluding": "10.6r5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap1130:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06EE00F8-1B3C-4686-BC66-1015E4C62CAD"
          },
          {
            "criteria": "cpe:2.3:h:extremenetworks:ap550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4BF23B23-0DC0-4C65-BFB1-B09F03902369"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References