Search criteria
36 vulnerabilities found for aos-cx by arubanetworks
FKIE_CVE-2022-23686
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en el procesamiento de datos de paquetes por el servicio LLDP de AOS-CX. Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades puede permitir a un atacante impactar la disponibilidad del servicio LLDP de AOS-CX y/o el plano de administraci\u00f3n del switch en ArubaOS-CX Switches versi\u00f3n(es): AOS-CX 10.09.xxxx: 10.09.1010 y anteriores, AOS-CX 10.08.xxxx: 10.08.1050 y anteriores, AOS-CX 10.06.xxxx: 10.06.0190 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-23686",
"lastModified": "2024-11-21T06:49:06.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.193",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23689
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2025-06-17 20:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en el procesamiento de datos de paquetes por el servicio LLDP de AOS-CX. Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades puede permitir a un atacante impactar la disponibilidad del servicio LLDP de AOS-CX y/o el plano de administraci\u00f3n del switch en ArubaOS-CX Switches versi\u00f3n(es): AOS-CX 10.09.xxxx: 10.09.1010 y anteriores, AOS-CX 10.08.xxxx: 10.08.1050 y anteriores, AOS-CX 10.06.xxxx: 10.06.0190 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan estas vulnerabilidades de seguridad.\n"
}
],
"id": "CVE-2022-23689",
"lastModified": "2025-06-17T20:15:25.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-06T18:15:11.313",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23682
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en la interfaz de l\u00ednea de comandos de AOS-CX que podr\u00edan conllevar a una inyecci\u00f3n de comandos autenticados. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso completo del switch en ArubaOS-CX versiones: AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1030 y anteriores, AOS-CX 10.06.xxxx: 10.06.0180 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan estas vulnerabilidades de seguridad.\n"
}
],
"id": "CVE-2022-23682",
"lastModified": "2024-11-21T06:49:05.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.070",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23690
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en la web de AOS-CX podr\u00eda permitir a un atacante remoto no autenticado obtener una huella digital de la versi\u00f3n exacta de AOS-CX que es ejecutada en el switch. Esto permite que un atacante recupere informaci\u00f3n que podr\u00eda ser usada para apuntar con mayor precisi\u00f3n al switch para su posterior explotaci\u00f3n en ArubaOS-CX versi\u00f3n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anterior. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2022-23690",
"lastModified": "2024-11-21T06:49:06.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.350",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23691
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | cx_10000 | - | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | cx_8325 | - | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | cx_8320 | - | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | aos-cx | * | |
| arubanetworks | cx_9300 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFA4485-2536-4A2F-8C9E-8D563D9154D2",
"versionEndIncluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08D076-E6F5-4168-825E-76ACA0381B6E",
"versionEndIncluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08415D6F-9E00-4168-8FCD-70A97994F33F",
"versionEndIncluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3153DF3A-4734-4A19-84DE-6CD94336B4D6",
"versionEndIncluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFA4485-2536-4A2F-8C9E-8D563D9154D2",
"versionEndIncluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08D076-E6F5-4168-825E-76ACA0381B6E",
"versionEndIncluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08415D6F-9E00-4168-8FCD-70A97994F33F",
"versionEndIncluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3153DF3A-4734-4A19-84DE-6CD94336B4D6",
"versionEndIncluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFA4485-2536-4A2F-8C9E-8D563D9154D2",
"versionEndIncluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08D076-E6F5-4168-825E-76ACA0381B6E",
"versionEndIncluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08415D6F-9E00-4168-8FCD-70A97994F33F",
"versionEndIncluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3153DF3A-4734-4A19-84DE-6CD94336B4D6",
"versionEndIncluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFA4485-2536-4A2F-8C9E-8D563D9154D2",
"versionEndIncluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F08D076-E6F5-4168-825E-76ACA0381B6E",
"versionEndIncluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08415D6F-9E00-4168-8FCD-70A97994F33F",
"versionEndIncluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3153DF3A-4734-4A19-84DE-6CD94336B4D6",
"versionEndIncluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en determinados modelos de switches AOS-CX que podr\u00eda permitir a un atacante con acceso a la consola de recuperaci\u00f3n omitir la autenticaci\u00f3n normal. Una explotaci\u00f3n con \u00e9xito permite a un atacante omitir la autenticaci\u00f3n del sistema y lograr el compromiso total del switch en los Switches ArubaOS-CX versi\u00f3n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1070 y anteriores, AOS-CX 10.06.xxxx: 10.06.0210 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.\n"
}
],
"id": "CVE-2022-23691",
"lastModified": "2024-11-21T06:49:06.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.390",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23687
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en el procesamiento de datos de paquetes por el servicio LLDP de AOS-CX. Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades puede permitir a un atacante impactar la disponibilidad del servicio LLDP de AOS-CX y/o el plano de administraci\u00f3n del switch en ArubaOS-CX Switches versi\u00f3n(es): AOS-CX 10.09.xxxx: 10.09.1010 y anteriores, AOS-CX 10.08.xxxx: 10.08.1050 y anteriores, AOS-CX 10.06.xxxx: 10.06.0190 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan estas vulnerabilidades de seguridad.\n"
}
],
"id": "CVE-2022-23687",
"lastModified": "2024-11-21T06:49:06.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.230",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23688
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2093054A-8485-4125-833D-ABD678C7401D",
"versionEndExcluding": "10.06.0200",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6076B322-5FF2-4E6A-8389-B3ABB7A0BC11",
"versionEndExcluding": "10.08.1060",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCEFCEF-7C48-47D2-96BA-6A6D4D916A1A",
"versionEndExcluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en el procesamiento de datos de paquetes por el servicio LLDP de AOS-CX. Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades puede permitir a un atacante impactar la disponibilidad del servicio LLDP de AOS-CX y/o el plano de administraci\u00f3n del switch en ArubaOS-CX Switches versi\u00f3n(es): AOS-CX 10.09.xxxx: 10.09.1010 y anteriores, AOS-CX 10.08.xxxx: 10.08.1050 y anteriores, AOS-CX 10.06.xxxx: 10.06.0190 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan estas vulnerabilidades de seguridad.\n"
}
],
"id": "CVE-2022-23688",
"lastModified": "2024-11-21T06:49:06.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.273",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23684
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AOS-CX podr\u00eda permitir a un usuario remoto autenticado privilegiado de s\u00f3lo lectura escalar sus permisos a los de un usuario administrativo. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad permite a un atacante escalar los privilegios m\u00e1s all\u00e1 de su nivel autorizado en los Switches ArubaOS-CX versi\u00f3n(es): AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.\n"
}
],
"id": "CVE-2022-23684",
"lastModified": "2024-11-21T06:49:05.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.153",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23683
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de inyecci\u00f3n de comandos autenticados en el motor de an\u00e1lisis de red AOS-CX por medio de scripts NAE. Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente, conllevando a un compromiso completo del switch que ejecuta AOS-CX en los Switches ArubaOS-CX versi\u00f3n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1070 y anteriores, AOS-CX 10.06.xxxx: 10.06.0210 y anterior. Aruba ha publicado actualizaciones para ArubaOS-CX Switch Devices que abordan estas vulnerabilidades de seguridad.\n"
}
],
"id": "CVE-2022-23683",
"lastModified": "2024-11-21T06:49:05.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:11.110",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23681
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5624F8A2-3B04-498D-90A0-204A7EEA01B0",
"versionEndExcluding": "10.06.0220",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B540A6B3-7472-4885-B28D-11655E58F967",
"versionEndExcluding": "10.08.1080",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46432E12-34D3-45C4-94FA-4889C250EE15",
"versionEndExcluding": "10.09.1040",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22523AC2-0649-43C5-A05F-A89002B21FF7",
"versionEndExcluding": "10.10.0002",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en la interfaz de l\u00ednea de comandos de AOS-CX que podr\u00edan conllevar a una inyecci\u00f3n de comandos autenticados. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso completo del switch en ArubaOS-CX versiones: AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1030 y anteriores, AOS-CX 10.06.xxxx: 10.06.0180 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan estas vulnerabilidades de seguridad.\n"
}
],
"id": "CVE-2022-23681",
"lastModified": "2024-11-21T06:49:05.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:10.980",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23680
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
},
{
"lang": "es",
"value": "AOS-CX carece de protecciones Anti-CSRF en las operaciones de cambio de estado. Esto puede ser potencialmente explotado por un atacante para ejecutar comandos en el contexto de otro usuario en ArubaOS-CX Switches versi\u00f3n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anterior. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.\n"
}
],
"id": "CVE-2022-23680",
"lastModified": "2024-11-21T06:49:05.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:10.897",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23679
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C173D28A-1B18-4BB6-8CF2-95AFC62338DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "563D5132-83C7-4613-91D8-4B5F2902FCA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ED82F-AADF-4439-BFF3-19D6DA234426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291D1002-00A7-44E0-ABFD-C64BAA2EDA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D707F695-3511-4351-8C95-842789C134A5",
"versionEndExcluding": "10.06.0210",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A95646B3-275F-4EB3-9034-6FF5282A539C",
"versionEndExcluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7AF646-CB0A-45FD-9A51-59369845E41F",
"versionEndExcluding": "10.09.1030",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "870D98A0-0996-4881-AE0B-BDCA8E7341A9",
"versionEndExcluding": "10.10.1000",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
},
{
"lang": "es",
"value": "AOS-CX carece de protecciones Anti-CSRF en las operaciones de cambio de estado. Esto puede ser potencialmente explotado por un atacante para ejecutar comandos en el contexto de otro usuario en ArubaOS-CX Switches versi\u00f3n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anterior. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.\n"
}
],
"id": "CVE-2022-23679",
"lastModified": "2024-11-21T06:49:04.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:10.763",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-23689 (GCVE-0-2022-23689)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-06-17 19:29
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
4.3 (Medium)
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T15:48:57.298414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:29:06.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23689",
"datePublished": "2022-09-06T17:18:55.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-06-17T19:29:06.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23691 (GCVE-0-2022-23691)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- Local Authentication Bypass Vulnerability in Recovery Console
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Authentication Bypass Vulnerability in Recovery Console",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Authentication Bypass Vulnerability in Recovery Console"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23691",
"datePublished": "2022-09-06T17:18:55",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23690 (GCVE-0-2022-23690)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- Unauthenticated Sensitive Information Disclosure in AOS-CX via Web-Management Interface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Sensitive Information Disclosure in AOS-CX via Web-Management Interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Sensitive Information Disclosure in AOS-CX via Web-Management Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23690",
"datePublished": "2022-09-06T17:18:55",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23688 (GCVE-0-2022-23688)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23688",
"datePublished": "2022-09-06T17:18:55",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23687 (GCVE-0-2022-23687)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:54",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23687",
"datePublished": "2022-09-06T17:18:54",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23686 (GCVE-0-2022-23686)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:54",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23686",
"datePublished": "2022-09-06T17:18:54",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23681 (GCVE-0-2022-23681)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23681",
"datePublished": "2022-09-06T17:18:53",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23683 (GCVE-0-2022-23683)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution in AOS-CX Network Analytics Engine(NAE)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution in AOS-CX Network Analytics Engine(NAE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution in AOS-CX Network Analytics Engine(NAE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23683",
"datePublished": "2022-09-06T17:18:53",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23684 (GCVE-0-2022-23684)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- Authenticated Privilege Escalation in the Web-Management Interface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Privilege Escalation in the Web-Management Interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Privilege Escalation in the Web-Management Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23684",
"datePublished": "2022-09-06T17:18:53",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23689 (GCVE-0-2022-23689)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2025-06-17 19:29
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
4.3 (Medium)
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T15:48:57.298414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:29:06.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23689",
"datePublished": "2022-09-06T17:18:55.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-06-17T19:29:06.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23691 (GCVE-0-2022-23691)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- Local Authentication Bypass Vulnerability in Recovery Console
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Authentication Bypass Vulnerability in Recovery Console",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Authentication Bypass Vulnerability in Recovery Console"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23691",
"datePublished": "2022-09-06T17:18:55",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23690 (GCVE-0-2022-23690)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- Unauthenticated Sensitive Information Disclosure in AOS-CX via Web-Management Interface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Sensitive Information Disclosure in AOS-CX via Web-Management Interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Sensitive Information Disclosure in AOS-CX via Web-Management Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23690",
"datePublished": "2022-09-06T17:18:55",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23688 (GCVE-0-2022-23688)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:55",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23688",
"datePublished": "2022-09-06T17:18:55",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23687 (GCVE-0-2022-23687)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:54",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23687",
"datePublished": "2022-09-06T17:18:54",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23686 (GCVE-0-2022-23686)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple Vulnerabilities in AOS-CX LLDP Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities in AOS-CX LLDP Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:54",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities in AOS-CX LLDP Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23686",
"datePublished": "2022-09-06T17:18:54",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23681 (GCVE-0-2022-23681)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23681",
"datePublished": "2022-09-06T17:18:53",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23683 (GCVE-0-2022-23683)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution in AOS-CX Network Analytics Engine(NAE)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution in AOS-CX Network Analytics Engine(NAE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution in AOS-CX Network Analytics Engine(NAE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23683",
"datePublished": "2022-09-06T17:18:53",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23684 (GCVE-0-2022-23684)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- Authenticated Privilege Escalation in the Web-Management Interface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches |
Affected:
AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Privilege Escalation in the Web-Management Interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Privilege Escalation in the Web-Management Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23684",
"datePublished": "2022-09-06T17:18:53",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}