Cyber Resilience

CVE-2023-46272

High

Published: 19 February 2025

Modified: 15 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (11.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-46272 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Extreme Networks IQ Engine (product inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 11.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-46272 is a buffer overflow vulnerability (CWE-121) in Extreme Networks IQ Engine, affecting versions before 10.6r1a and through 10.6r4 before 10.6r5. The flaw is in the implementation of the ah_auth service and allows an attacker to execute arbitrary code. It carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An adjacent attacker (AV:A) can exploit this vulnerability with low attack complexity (AC:L) and no privileges (PR:N), requiring no user interaction (UI:N). Exploitation enables arbitrary code execution with high impacts on confidentiality, integrity, and availability within the unchanged security scope.

Advisories recommend mitigation by upgrading to Extreme Networks IQ Engine 10.6r1a or later for early branches, or to 10.6r5 for versions through 10.6r4, as outlined in the vendor security bulletin at https://extreme-networks.my.site.com/ExtrArticleDetail?an=000115355&q=CVE-2023-46272 and the Zero Day Initiative disclosure at https://www.zerodayinitiative.com/advisories/ZDI-23-1765/.

Vulnerability details

Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service.

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Buffer overflow in ah_auth remote service directly enables remote code execution via exploitation of a network-exposed service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-66177 (shared CWE-121)
CVE-2025-25679 (shared CWE-121)
CVE-2026-37536 (shared CWE-121)
CVE-2026-41429 (shared CWE-121)
CVE-2026-41089 (shared CWE-121)
CVE-2026-22790 (shared CWE-121)
CVE-2026-30872 (shared CWE-121)
CVE-2025-66176 (shared CWE-121)
CVE-2025-32062 (shared CWE-121)
CVE-2026-4747 (shared CWE-121)

Affected Assets

Extreme Networks IQ Engine
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Requires timely identification, reporting, and correction of the buffer overflow flaw in the IQ Engine ah_auth service by patching to version 10.6r1a or later.

prevent

Implements memory protections like ASLR and non-executable memory to mitigate arbitrary code execution resulting from the buffer overflow vulnerability.

prevent

Mandates validation of inputs to the ah_auth service to prevent buffer overflows from malformed adjacent network traffic.
