CVE-2023-46271 in AP410Cinfo

Summary

by MITRE • 02/19/2025

Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/03/2026

This vulnerability represents a critical buffer overflow condition within Extreme Networks IQ Engine software versions prior to 10.6r1a and through 10.6r4 before 10.6r5. The flaw exists within the ah_webui service component that operates on TCP port 3009, making it accessible to remote attackers who can exploit this weakness without authentication. The buffer overflow occurs when the service processes incoming data from network connections, specifically in how it handles user input or request parameters that exceed allocated memory buffers. This type of vulnerability falls under CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. The attack surface is particularly concerning given that the affected service listens on a default port, making exploitation accessible to any network entity that can reach the device.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as remote code execution remains a potential threat when buffer overflows occur in network services. Attackers could leverage this weakness to inject malicious code into the target system's memory space, potentially gaining unauthorized access to the device and its associated network resources. The ah_webui service represents a critical attack vector since it directly interfaces with web-based management functions, providing attackers with potential access to configuration data, user credentials, and administrative controls. This vulnerability aligns with ATT&CK technique T1210, which covers exploitation of remote services through buffer overflow attacks that can lead to privilege escalation and system compromise.

Organizations running affected Extreme Networks IQ Engine versions face significant security risks including unauthorized network access, data exfiltration, and potential lateral movement within their infrastructure. The default listening port 3009 creates an easily identifiable target for automated scanning tools, increasing the likelihood of successful exploitation. Security teams should prioritize immediate patching of all affected systems to prevent potential compromise, as this vulnerability could enable attackers to establish persistent access points within enterprise networks. The buffer overflow condition represents a fundamental flaw in input validation mechanisms that should have been addressed through proper bounds checking and memory management practices. Network segmentation and firewall rules should be implemented to restrict access to TCP port 3009 until patches are deployed, while also monitoring for suspicious network traffic patterns that might indicate exploitation attempts against this vulnerability.

Reservation

10/20/2023

Disclosure

02/19/2025

Moderation

accepted

CPE

ready

EPSS

0.00705

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!