PT-2023-9082 · Extreme Networks · Extreme Networks Iq Engine+1
Victorien Molle · Published 2023-12-12 · Updated 2025-02-20
CVE-2023-46271
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Extreme Networks IQ Engine versions prior to 10.6r1a
Extreme Networks IQ Engine versions 10.6r1a through 10.6r4 before 10.6r5
Extreme Networks AP410C (affected versions not specified)
Description
The issue arises from the ah webui service, which listens on TCP port 3009 by default. It is related to deficiencies in the authentication procedure of the ah webui service in Extreme Networks AP410C network switch microcode. This allows a remote attacker to bypass existing security restrictions. The vulnerability can be exploited by network-adjacent attackers to reach critical functions on affected installations of Extreme Networks AP410C routers without requiring authentication.
Recommendations
For Extreme Networks IQ Engine versions prior to 10.6r1a, update to version 10.6r1a or later.
For Extreme Networks IQ Engine versions 10.6r1a through 10.6r4 before 10.6r5, update to version 10.6r5 or later.
For Extreme Networks AP410C, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the ah webui service to minimize the risk of exploitation.
Improper Authentication
Buffer Overflow
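An added example, not part of the original advisory: a triage helper that maps inventory entries to the recommendations listed above. The version-string grammar, the ordering of lettered builds, and the sample inventory are assumptions made for illustration.

```python
import re

# Assumed grammar for IQ Engine version strings (inferred from the versions
# named in this advisory, not vendor-documented): MAJOR.MINOR "r" RELEASE [letter]
_VERSION = re.compile(r"^(\d+)\.(\d+)r(\d+)([a-z]?)$")

def parse_version(text):
    """Return a sortable tuple, e.g. '10.6r1a' -> (10, 6, 1, 'a')."""
    m = _VERSION.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, letter = m.groups()
    # Assumption: a lettered build sorts after the bare release ('' < 'a').
    return (int(major), int(minor), int(release), letter)

FIRST_RANGE_END = parse_version("10.6r1a")   # "prior to 10.6r1a"
SECOND_RANGE_END = parse_version("10.6r5")   # "10.6r1a through 10.6r4 before 10.6r5"

def triage(product, version):
    """Map one inventory entry to the advisory's recommendation."""
    name = product.strip().lower()
    if name == "ap410c":
        # The advisory gives no affected or fixed versions for the AP410C.
        return "restrict access to TCP 3009 (no fixed version listed)"
    if name != "iq engine":
        return "product not covered by this advisory"
    try:
        v = parse_version(version)
    except ValueError:
        return "check manually (unparsed version)"
    if v < FIRST_RANGE_END:
        return "update to 10.6r1a or later"
    if v < SECOND_RANGE_END:
        return "update to 10.6r5 or later"
    return "not in a listed affected range"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ap-lobby", "IQ Engine", "10.5r3"),
    ("ap-lab", "IQ Engine", "10.6r1a"),
    ("ap-floor2", "IQ Engine", "10.6R5"),
    ("ap-dock", "AP410C", ""),
    ("ap-old", "IQ Engine", "n/a"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(f"{host:10} {product:10} {version:8} {triage(product, version)}")
```

Because 10.6r1a itself falls inside the second listed range, 10.6r5 is the first version this page does not list as affected.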
Affected Products
Extreme Networks AP410C
Extreme Networks IQ Engine