Vulnerability Description
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extremenetworks | Iq Engine | < 10.6r1 |
| Extremenetworks | Ap122 | - |
| Extremenetworks | Ap130 | - |
| Extremenetworks | Ap150W | - |
| Extremenetworks | Ap250 | - |
| Extremenetworks | Ap30 | - |
| Extremenetworks | Ap3000 | - |
| Extremenetworks | Ap3000X | - |
| Extremenetworks | Ap302W | - |
| Extremenetworks | Ap305C | - |
| Extremenetworks | Ap305C-1 | - |
| Extremenetworks | Ap305Cx | - |
| Extremenetworks | Ap4000 | - |
| Extremenetworks | Ap4000-1 | - |
| Extremenetworks | Ap410C | - |
| Extremenetworks | Ap410C-1 | - |
| Extremenetworks | Ap460C | - |
| Extremenetworks | Ap460S12C | - |
| Extremenetworks | Ap460S6C | - |
| Extremenetworks | Ap5010 | - |
Related Weaknesses (CWE)
References
- https://extremeportal.force.com/ExtrArticleDetail?an=000112741Vendor Advisory
- https://extremeportal.force.com/ExtrArticleDetail?an=000112741Vendor Advisory
FAQ
What is CVE-2023-35802?
CVE-2023-35802 is a vulnerability with a CVSS score of 9.8 (CRITICAL). IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code exec...
How severe is CVE-2023-35802?
CVE-2023-35802 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35802?
Check the references section above for vendor advisories and patch information. Affected products include: Extremenetworks Iq Engine, Extremenetworks Ap122, Extremenetworks Ap130, Extremenetworks Ap150W, Extremenetworks Ap250.