CVE-2023-35802

{"id": "CVE-2023-35802", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-07-15T02:15:08.803", "references": [{"url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit."}], "lastModified": "2024-11-21T08:08:44.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0492F4F6-AF0B-478C-8D7C-68DCE2AB1989", "versionEndExcluding": "10.6r1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60779E2E-9C16-430C-AAD5-51410B5894E5"}, {"criteria": "cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0BA56D5-E3C8-402F-8852-F7F9864C3A7F"}, {"criteria": "cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95B91235-8FB7-4BB2-99BC-D53074ECEEE3"}, {"criteria": "cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2831D50B-3BCE-4166-BDD6-E38317B92E2C"}, {"criteria": "cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "27CCA45A-C187-46AE-825C-0DF85824CD3E"}, {"criteria": "cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96D3DFF3-8C35-4860-B904-DDEEA6C68827"}, {"criteria": "cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4303FD05-94B4-4D42-BBB9-1E5725DC89C6"}, {"criteria": "cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3B393FA2-8528-4977-B2F3-D42FF4A78E5B"}, {"criteria": "cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9384ECB-2EAF-4049-A644-481E9BE00FA9"}, {"criteria": "cpe:2.3:h:extremenetworks:ap305c-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE2C4A69-7A54-45E9-9940-99272E41FC21"}, {"criteria": "cpe:2.3:h:extremenetworks:ap305cx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "001C25E7-F884-4AFD-80DB-40FB6742292B"}, {"criteria": "cpe:2.3:h:extremenetworks:ap4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCDCBF18-E614-4F63-8C0A-BF28E47B4D6C"}, {"criteria": "cpe:2.3:h:extremenetworks:ap4000-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CBA85B9D-5D40-44CA-B345-A9B33E2854D6"}, {"criteria": "cpe:2.3:h:extremenetworks:ap410c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5F69587-452F-474A-9389-F9AFE439285C"}, {"criteria": "cpe:2.3:h:extremenetworks:ap410c-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56CA142E-9947-4854-9F56-1D24F45F7A2D"}, {"criteria": "cpe:2.3:h:extremenetworks:ap460c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E0E816A-C583-4985-94D2-E97B8B87A818"}, {"criteria": "cpe:2.3:h:extremenetworks:ap460s12c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36189326-1798-4312-B61B-BB9DEFB94028"}, {"criteria": "cpe:2.3:h:extremenetworks:ap460s6c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4207CD0-E7DF-4DAB-BEE6-93387D5C29BB"}, {"criteria": "cpe:2.3:h:extremenetworks:ap5010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E2A0429-3DCB-4E33-9145-D80005B85150"}, {"criteria": "cpe:2.3:h:extremenetworks:ap5050d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF2B1AB3-EB5D-46B3-B5E0-6A7A8151403E"}, {"criteria": "cpe:2.3:h:extremenetworks:ap5050u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E8E2F84-964A-49CB-B00C-080669298FB6"}, {"criteria": "cpe:2.3:h:extremenetworks:ap510c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8123B7E3-28A2-4786-95B5-804B8FBF0E53"}, {"criteria": "cpe:2.3:h:extremenetworks:ap510cx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D76938F-9812-4E8D-9C37-1A05FAE27CD7"}, {"criteria": "cpe:2.3:h:extremenetworks:ap630:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98AFB5E8-BBBB-401C-AEEC-CF36DBB1D07E"}, {"criteria": "cpe:2.3:h:extremenetworks:ap650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1053DDC0-0385-4A86-80E1-D4424274F550"}, {"criteria": "cpe:2.3:h:extremenetworks:ap650x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E838B1A4-542F-421E-967C-7437C449E465"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B79A1496-89B4-4871-90B1-D8CB936EFB7C", "versionEndExcluding": "10.6r5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:extremenetworks:ap1130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06EE00F8-1B3C-4686-BC66-1015E4C62CAD"}, {"criteria": "cpe:2.3:h:extremenetworks:ap550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BF23B23-0DC0-4C65-BFB1-B09F03902369"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}