CVE-2023-35803 is a buffer overflow vulnerability in the implementation of the acsd service on IQ Engine. IQ Engine is a network operating system developed by Extreme Networks for its wireless access points. The vulnerability can be exploited by an attacker to obtain elevated privileges and execute arbitrary code on the affected device.
Affected Products
All Extreme Networks IQ Engine devices running HiveOS/IQ Engine versions earlier than 10.6r2 are affected by CVE-2023-35803.
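The version boundary above can be checked across a device inventory. The sketch below is an added example, not code from Extreme Networks or its advisory. It assumes version strings of the form `<major>.<minor>r<release>` with an optional trailing letter, and the hostnames and versions in the sample inventory are constructed.

```python
import re

# First fixed release named on this page; anything lower is affected.
FIXED = "10.6r2"

# Assumed version shape: <major>.<minor>r<release>[letter], e.g. "10.6r2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)r(\d+)([a-z]?)$")


def parse_version(text):
    """Return a sortable tuple for a version string, or None if unparseable."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        return None
    major, minor, release, suffix = m.groups()
    # Assumption: a trailing letter marks a later build of the same release.
    return (int(major), int(minor), int(release), suffix)


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one reported version."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # do not guess: surface for manual review
    return "affected" if parsed < parse_version(FIXED) else "fixed"


def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ap-lobby": "10.5r3",
    "ap-lab": "10.6r1a",
    "ap-floor2": "10.6r2",
    "ap-warehouse": "10.6r4",
    "ap-legacy": "8.2r6",
    "ap-unlabelled": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as `unknown` have a version string the parser does not recognize and should be checked by hand rather than assumed safe.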
Impact
An attacker who successfully exploits CVE-2023-35803 can gain complete control over the affected device. This could allow the attacker to:
Steal sensitive data
Disrupt network operations
Launch further attacks against other devices on the network
Mitigation
Extreme Networks has released a security patch for CVE-2023-35803. Customers are advised to upgrade their IQ Engine devices to the latest version as soon as possible.
Workaround
Customers who cannot upgrade their IQ Engine devices immediately can reduce the risk of exploitation by disabling the acsd service. However, this will disable some of the features of the IQ Engine device.
Additional Information
Extreme Networks has released a security advisory for CVE-2023-35803. The advisory provides more information about the vulnerability, including instructions on how to upgrade or disable the acsd service.