{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-35802", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-30T18:24:42.767Z", "dateReserved": "2023-06-17T00:00:00", "datePublished": "2023-07-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.237Z"}, "title": "CVE Program Container", "references": [{"url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "extremenetworks", "product": "iq_engine", "cpes": ["cpe:2.3:o:extremenetworks:iq_engine:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.6r2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-30T18:20:20.740423Z", "id": "CVE-2023-35802", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T18:24:42.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.237Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35802", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-30T18:20:20.740423Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:extremenetworks:iq_engine:-:*:*:*:*:*:*:*"], "vendor": "extremenetworks", "product": "iq_engine", "versions": [{"status": "affected", "version": "0", "lessThan": "10.6r2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T18:24:25.248Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741"}], "descriptions": [{"lang": "en", "value": "IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-15T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-35802", "state": "PUBLISHED", "dateUpdated": "2024-10-30T18:24:42.767Z", "dateReserved": "2023-06-17T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-15T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "0492F4F6-AF0B-478C-8D7C-68DCE2AB1989", "versionEndExcluding": "10.6r1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:*", "matchCriteriaId": "60779E2E-9C16-430C-AAD5-51410B5894E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0BA56D5-E3C8-402F-8852-F7F9864C3A7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:*", "matchCriteriaId": "95B91235-8FB7-4BB2-99BC-D53074ECEEE3", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:*", "matchCriteriaId": "2831D50B-3BCE-4166-BDD6-E38317B92E2C", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:*", "matchCriteriaId": "27CCA45A-C187-46AE-825C-0DF85824CD3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "96D3DFF3-8C35-4860-B904-DDEEA6C68827", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4303FD05-94B4-4D42-BBB9-1E5725DC89C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B393FA2-8528-4977-B2F3-D42FF4A78E5B", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9384ECB-2EAF-4049-A644-481E9BE00FA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap305c-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE2C4A69-7A54-45E9-9940-99272E41FC21", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap305cx:-:*:*:*:*:*:*:*", "matchCriteriaId": "001C25E7-F884-4AFD-80DB-40FB6742292B", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCDCBF18-E614-4F63-8C0A-BF28E47B4D6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap4000-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBA85B9D-5D40-44CA-B345-A9B33E2854D6", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5F69587-452F-474A-9389-F9AFE439285C", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap410c-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "56CA142E-9947-4854-9F56-1D24F45F7A2D", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap460c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E0E816A-C583-4985-94D2-E97B8B87A818", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap460s12c:-:*:*:*:*:*:*:*", "matchCriteriaId": "36189326-1798-4312-B61B-BB9DEFB94028", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap460s6c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4207CD0-E7DF-4DAB-BEE6-93387D5C29BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap5010:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E2A0429-3DCB-4E33-9145-D80005B85150", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap5050d:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF2B1AB3-EB5D-46B3-B5E0-6A7A8151403E", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap5050u:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E8E2F84-964A-49CB-B00C-080669298FB6", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap510c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8123B7E3-28A2-4786-95B5-804B8FBF0E53", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap510cx:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D76938F-9812-4E8D-9C37-1A05FAE27CD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap630:-:*:*:*:*:*:*:*", "matchCriteriaId": "98AFB5E8-BBBB-401C-AEEC-CF36DBB1D07E", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap650:-:*:*:*:*:*:*:*", "matchCriteriaId": "1053DDC0-0385-4A86-80E1-D4424274F550", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap650x:-:*:*:*:*:*:*:*", "matchCriteriaId": "E838B1A4-542F-421E-967C-7437C449E465", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79A1496-89B4-4871-90B1-D8CB936EFB7C", "versionEndExcluding": "10.6r5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:extremenetworks:ap1130:-:*:*:*:*:*:*:*", "matchCriteriaId": "06EE00F8-1B3C-4686-BC66-1015E4C62CAD", "vulnerable": false}, {"criteria": "cpe:2.3:h:extremenetworks:ap550:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BF23B23-0DC0-4C65-BFB1-B09F03902369", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit."}], "id": "CVE-2023-35802", "lastModified": "2024-11-21T08:08:44.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-15T02:15:08.803", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://extremeportal.force.com/ExtrArticleDetail?an=000112741"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}