Buffer Overflow Vulnerability in Extreme Networks IQ Engine
CVE-2023-46272

8.8HIGH

Key Information:

Vendor: Extreme Networks
Status: IQ Engine
Vendor: CVE Published:; 19 February 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2023-46272?

A buffer overflow vulnerability in Extreme Networks IQ Engine can occur due to flaws in the implementation of the ah_auth service. This vulnerability may allow an attacker to execute arbitrary code by sending malicious input to the affected versions, specifically those prior to 10.6r1a and between 10.6r4, before 10.6r5. It is crucial for users of this software to ensure their systems are updated to patch this vulnerability and mitigate potential risks.

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

https://www.zerodayinitiative.com/advisories/ZDI-23-1765/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Oct 20, 2023

JSON