Buffer Overflow Vulnerability in Extreme Networks IQ Engine
CVE-2023-46271

9.8CRITICAL

Key Information:

Vendor: Extreme Networks
Status: IQ Engine
Vendor: CVE Published:; 19 February 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2023-46271?

A buffer overflow vulnerability exists in Extreme Networks IQ Engine due to improper handling by the ah_webui service, which listens on TCP port 3009 by default. This flaw can potentially allow an attacker to exploit the system, leading to unauthorized access or other malicious activities. Users of affected versions should prioritize patching their devices to mitigate risk.

References

https://extremenetworks.com

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

https://www.zerodayinitiative.com/advisories/ZDI-23-1766/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Oct 20, 2023

JSON