CVE-2023-46271

Critical

Published: 19 February 2025

Published

19 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 26.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default.

Security Summary

CVE-2023-46271 is a buffer overflow vulnerability (CWE-120) affecting Extreme Networks IQ Engine versions before 10.6r1a and through 10.6r4 before 10.6r5. The flaw originates in the ah_webui service, which listens on TCP port 3009 by default.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), enabling an unauthenticated remote attacker with network access to trigger the buffer overflow. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, such as remote code execution or system compromise.

Advisories from Extreme Networks and the Zero Day Initiative detail mitigation steps, including upgrading to IQ Engine version 10.6r5 or later. Additional guidance is available in the Extreme Networks article at https://extreme-networks.my.site.com/ExtrArticleDetail?an=000115354&q=CVE-2023-46271 and the ZDI-23-1766 advisory at https://www.zerodayinitiative.com/advisories/ZDI-23-1766/.

Details

CWE(s): CWE-120

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000115354&q=CVE-2023-46271
cve@mitre.org
https://extremenetworks.com
cve@mitre.org
https://www.zerodayinitiative.com/advisories/ZDI-23-1766/
cve@mitre.org