MitreCVE-2023-35802CVE-2023-35802
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.3%
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| extremenetworks | iq_engine | * | cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:* |
| extremenetworks | ap122 | - | cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:* |
| extremenetworks | ap130 | - | cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:* |
| extremenetworks | ap150w | - | cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:* |
| extremenetworks | ap250 | - | cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:* |
| extremenetworks | ap30 | - | cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:* |
| extremenetworks | ap3000 | - | cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:* |
| extremenetworks | ap3000x | - | cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:* |
| extremenetworks | ap302w | - | cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:* |
| extremenetworks | ap305c | - | cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.3%