CVE-2023-46272
Published: 19 February 2025
Summary
CVE-2023-46272 is a high-severity stack-based buffer overflow (CWE-121) in Extreme Networks IQ Engine. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 11.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2023-46272 is a buffer overflow vulnerability (CWE-121) in Extreme Networks IQ Engine, affecting versions before 10.6r1a and through 10.6r4 before 10.6r5. The issue exists in the implementation of the ah_auth service, which allows an attacker to execute arbitrary code. It carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An adjacent attacker (AV:A) can exploit this vulnerability with low attack complexity (AC:L) and no privileges (PR:N), requiring no user interaction (UI:N). Exploitation enables arbitrary code execution with high impacts on confidentiality, integrity, and availability within the unchanged security scope.
Advisories recommend mitigation by upgrading to Extreme Networks IQ Engine 10.6r1a or later for early branches, or to 10.6r5 for versions through 10.6r4, as outlined in the vendor security bulletin at https://extreme-networks.my.site.com/ExtrArticleDetail?an=000115355&q=CVE-2023-46272 and the Zero Day Initiative disclosure at https://www.zerodayinitiative.com/advisories/ZDI-23-1765/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-50499
Vulnerability details
Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in ah_auth remote service directly enables remote code execution via exploitation of a network-exposed service.
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and correction of the buffer overflow flaw in the IQ Engine ah_auth service by patching to version 10.6r1a or later.
Implements memory protections like ASLR and non-executable memory to mitigate arbitrary code execution resulting from the buffer overflow vulnerability.
Mandates validation of inputs to the ah_auth service to prevent buffer overflows from malformed adjacent network traffic.