Summary
A buffer overflow vulnerability in the implementation of the CAPWAP protocol may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
Products not listed in the Products Potentially Affected section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.
Products Potentially Affected
| OS/Product |
Exposure |
| IQ Engine (HiveOS) |
Yes |
Repair Recommendations
IQ Engine(HiveOS):
Fixed in 10.6r1 or later:
- AP30
- AP122
- AP130
- AP150W
- AP250
- AP302W
- AP305C/CX
- AP305C-1
- AP410C
- AP410C-1
- AP460C
- AP460S6C
- AP460S12C
- AP510C/CX
- AP630
- AP650
- AP650X
- AP3000
- AP3000X
- AP4000
- AP4000-1
- AP5010
- AP5050D
- AP5050U
Fixed in 10.6r5 (Target GA: October 2023) or later:
AP models receiving patches in 10.6r5 are in End of Software Maintenance phase.
Customers are strongly encouraged to upgrade to currently supported AP models.
Please see the full security advisory article here for more details and updates.
