IQ Engine
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46271 | Cri | 0.64 | 9.8 | 0.01 | Feb 19, 2025 | Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default. | ||
| CVE-2023-46272 | Hig | 0.57 | 8.8 | 0.00 | Feb 19, 2025 | Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service | ||
| CVE-2020-16152 | 0.10 | — | 0.35 | Nov 14, 2021 | The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. | |||
| CVE-2023-35803 | 0.00 | — | 0.02 | Oct 4, 2023 | IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | |||
| CVE-2023-35802 | 0.00 | — | 0.01 | Jul 15, 2023 | IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to… |
- risk 0.64cvss 9.8epss 0.01
Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default.
- risk 0.57cvss 8.8epss 0.00
Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service
- CVE-2020-16152Nov 14, 2021risk 0.10cvss —epss 0.35
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
- CVE-2023-35803Oct 4, 2023risk 0.00cvss —epss 0.02
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
- CVE-2023-35802Jul 15, 2023risk 0.00cvss —epss 0.01
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to…