39 vulnerabilities found for arubaos-cx by hpe
FKIE_CVE-2025-37160
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-12-04 18:18
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
References
Impacted products
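| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1170 |
| hpe | arubaos-cx | * | >= 10.13.0000, < 10.13.1101 |
| hpe | arubaos-cx | * | >= 10.14.0000, < 10.14.1060 |
| hpe | arubaos-cx | * | >= 10.15.0000, < 10.15.1030 |
| hpe | arubaos-cx | * | >= 10.16.0000, < 10.16.1001 |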
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43",
"versionEndExcluding": "10.10.1170",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0",
"versionEndExcluding": "10.13.1101",
"versionStartIncluding": "10.13.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250",
"versionEndExcluding": "10.14.1060",
"versionStartIncluding": "10.14.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E",
"versionEndExcluding": "10.15.1030",
"versionStartIncluding": "10.15.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3",
"versionEndExcluding": "10.16.1001",
"versionStartIncluding": "10.16.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data."
}
],
"id": "CVE-2025-37160",
"lastModified": "2025-12-04T18:18:12.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T19:15:48.133",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-37156
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-12-04 18:20
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Summary
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.
References
Impacted products
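| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1170 |
| hpe | arubaos-cx | * | >= 10.13.0000, < 10.13.1101 |
| hpe | arubaos-cx | * | >= 10.14.0000, < 10.14.1060 |
| hpe | arubaos-cx | * | >= 10.15.0000, < 10.15.1030 |
| hpe | arubaos-cx | * | >= 10.16.0000, < 10.16.1001 |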
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43",
"versionEndExcluding": "10.10.1170",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0",
"versionEndExcluding": "10.13.1101",
"versionStartIncluding": "10.13.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250",
"versionEndExcluding": "10.14.1060",
"versionStartIncluding": "10.14.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E",
"versionEndExcluding": "10.15.1030",
"versionStartIncluding": "10.15.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3",
"versionEndExcluding": "10.16.1001",
"versionStartIncluding": "10.16.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional."
}
],
"id": "CVE-2025-37156",
"lastModified": "2025-12-04T18:20:51.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T19:15:47.363",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-37155
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-12-04 18:21
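Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (vendor score from security-alert@hpe.com; the record below carries no NVD Primary CVSS entry)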
Summary
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
References
Impacted products
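| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1170 |
| hpe | arubaos-cx | * | >= 10.13.0000, < 10.13.1101 |
| hpe | arubaos-cx | * | >= 10.14.0000, < 10.14.1060 |
| hpe | arubaos-cx | * | >= 10.15.0000, < 10.15.1030 |
| hpe | arubaos-cx | * | >= 10.16.0000, < 10.16.1001 |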
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43",
"versionEndExcluding": "10.10.1170",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0",
"versionEndExcluding": "10.13.1101",
"versionStartIncluding": "10.13.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250",
"versionEndExcluding": "10.14.1060",
"versionStartIncluding": "10.14.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E",
"versionEndExcluding": "10.15.1030",
"versionStartIncluding": "10.15.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3",
"versionEndExcluding": "10.16.1001",
"versionStartIncluding": "10.16.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system."
}
],
"id": "CVE-2025-37155",
"lastModified": "2025-12-04T18:21:05.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2025-11-18T19:15:47.170",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-37159
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-12-04 18:19
Severity ?
5.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
References
Impacted products
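| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1170 |
| hpe | arubaos-cx | * | >= 10.13.0000, < 10.13.1101 |
| hpe | arubaos-cx | * | >= 10.14.0000, < 10.14.1060 |
| hpe | arubaos-cx | * | >= 10.15.0000, < 10.15.1030 |
| hpe | arubaos-cx | * | >= 10.16.0000, < 10.16.1001 |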
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43",
"versionEndExcluding": "10.10.1170",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0",
"versionEndExcluding": "10.13.1101",
"versionStartIncluding": "10.13.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250",
"versionEndExcluding": "10.14.1060",
"versionStartIncluding": "10.14.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E",
"versionEndExcluding": "10.15.1030",
"versionStartIncluding": "10.15.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3",
"versionEndExcluding": "10.16.1001",
"versionStartIncluding": "10.16.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data."
}
],
"id": "CVE-2025-37159",
"lastModified": "2025-12-04T18:19:18.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T19:15:47.980",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-37157
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-12-04 18:20
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
References
Impacted products
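| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1170 |
| hpe | arubaos-cx | * | >= 10.13.0000, < 10.13.1101 |
| hpe | arubaos-cx | * | >= 10.14.0000, < 10.14.1060 |
| hpe | arubaos-cx | * | >= 10.15.0000, < 10.15.1030 |
| hpe | arubaos-cx | * | >= 10.16.0000, < 10.16.1001 |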
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43",
"versionEndExcluding": "10.10.1170",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0",
"versionEndExcluding": "10.13.1101",
"versionStartIncluding": "10.13.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250",
"versionEndExcluding": "10.14.1060",
"versionStartIncluding": "10.14.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E",
"versionEndExcluding": "10.15.1030",
"versionStartIncluding": "10.15.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3",
"versionEndExcluding": "10.16.1001",
"versionStartIncluding": "10.16.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"id": "CVE-2025-37157",
"lastModified": "2025-12-04T18:20:14.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T19:15:47.533",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-37158
Vulnerability from fkie_nvd - Published: 2025-11-18 19:15 - Updated: 2025-12-04 18:19
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
References
Impacted products
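| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1170 |
| hpe | arubaos-cx | * | >= 10.13.0000, < 10.13.1101 |
| hpe | arubaos-cx | * | >= 10.14.0000, < 10.14.1060 |
| hpe | arubaos-cx | * | >= 10.15.0000, < 10.15.1030 |
| hpe | arubaos-cx | * | >= 10.16.0000, < 10.16.1001 |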
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43",
"versionEndExcluding": "10.10.1170",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0",
"versionEndExcluding": "10.13.1101",
"versionStartIncluding": "10.13.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250",
"versionEndExcluding": "10.14.1060",
"versionStartIncluding": "10.14.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E",
"versionEndExcluding": "10.15.1030",
"versionStartIncluding": "10.15.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3",
"versionEndExcluding": "10.16.1001",
"versionStartIncluding": "10.16.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"id": "CVE-2025-37158",
"lastModified": "2025-12-04T18:19:59.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T19:15:47.700",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3718
Vulnerability from fkie_nvd - Published: 2023-08-01 19:15 - Updated: 2024-11-21 08:17
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
References
| Source | URL | Tags |
|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt | Mitigation, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04DE53FD-22EA-4BDF-97DD-AB8253F4F059",
"versionEndIncluding": "10.10.1050",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2649063A-E4A1-4548-877E-F1FAD3BBFC56",
"versionEndIncluding": "10.11.1010",
"versionStartIncluding": "10.11.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10D4824-3D75-4CD2-A541-D910B91FD560",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6000_12g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E276AD3-DEBD-4BE5-A7E0-A2017E09ADC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6000_24g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A51A5922-69A1-4594-B74F-27E62E455170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6000_48g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D397073F-2A04-4B88-BC6D-5F3B5EEB00F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1DD310-3D31-4204-92E0-70C33EE44F08",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BC4F4F-5DF6-45D6-9039-BF06C5D53487",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1218AAA5-01ED-4D89-A7AE-A600356ABD46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200m_24g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D05337A1-9022-41DA-AFED-AE76FC39D3C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m_24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5172FB6C-C38E-4A5A-8C67-55B475C96B0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m_48g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF6C6CE-E842-420D-9C4C-54D4B4F85D14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8320-32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "873275E0-0BF3-42A6-A88A-4A4CDCC98C37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8320-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65875CB1-A9A3-42CC-A14D-7AB4E985808A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_9300_32d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C595A15-BD04-45A3-A719-3DFB8DAB46E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.\n\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos de AOS-CX. La explotaci\u00f3n exitosa de esta vulnerabilidad resulta en la capacidad de ejecutar comandos arbitrarios en el sistema operativo subyacente como un usuario privilegiado en el conmutador afectado. Esto permite a un atacante comprometer completamente el sistema operativo subyacente en el dispositivo que ejecuta AOS-CX."
}
],
"id": "CVE-2023-3718",
"lastModified": "2024-11-21T08:17:54.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-01T19:15:09.947",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-1168
Vulnerability from fkie_nvd - Published: 2023-03-22 06:15 - Updated: 2025-02-26 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
References
Impacted products
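| Vendor | Product | Version | Affected range |
|---|---|---|---|
| hpe | arubaos-cx | * | >= 10.06.0000, < 10.06.0240 |
| hpe | arubaos-cx | * | >= 10.08.0000, <= 10.08.1070 |
| hpe | arubaos-cx | * | >= 10.09.0000, <= 10.09.1020 |
| hpe | arubaos-cx | * | >= 10.10.0000, < 10.10.1030 |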
| hpe | aruba_cx_10000-48y6 | - | |
| hpe | aruba_cx_6200f_48g | - | |
| hpe | aruba_cx_6200m_24g | - | |
| hpe | aruba_cx_6300m_24p | - | |
| hpe | aruba_cx_6300m_48g | - | |
| hpe | aruba_cx_6405 | - | |
| hpe | aruba_cx_6410 | - | |
| hpe | aruba_cx_8320-32 | - | |
| hpe | aruba_cx_8320-48p | - | |
| hpe | aruba_cx_8325-32c | - | |
| hpe | aruba_cx_8325-48y8c | - | |
| hpe | aruba_cx_8360-12c | - | |
| hpe | aruba_cx_8360-16y2c | - | |
| hpe | aruba_cx_8360-24xf2c | - | |
| hpe | aruba_cx_8360-32y4c | - | |
| hpe | aruba_cx_8360-48xt4c | - | |
| hpe | aruba_cx_8360-48y6c | - | |
| hpe | aruba_cx_8400 | - | |
| hpe | aruba_cx_9300_32d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B17071-FD9B-49C1-8C0B-FDA68664E773",
"versionEndExcluding": "10.06.0240",
"versionStartIncluding": "10.06.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8A631C-CB1E-4314-943D-713DC9EA260E",
"versionEndIncluding": "10.08.1070",
"versionStartIncluding": "10.08.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "936EB0DA-9A69-4E7B-B5F5-437A86B8C897",
"versionEndIncluding": "10.09.1020",
"versionStartIncluding": "10.09.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "690D819F-1B6E-48A1-BEDD-90B511048317",
"versionEndExcluding": "10.10.1030",
"versionStartIncluding": "10.10.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10D4824-3D75-4CD2-A541-D910B91FD560",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BC4F4F-5DF6-45D6-9039-BF06C5D53487",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200m_24g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D05337A1-9022-41DA-AFED-AE76FC39D3C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m_24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5172FB6C-C38E-4A5A-8C67-55B475C96B0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m_48g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF6C6CE-E842-420D-9C4C-54D4B4F85D14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8320-32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "873275E0-0BF3-42A6-A88A-4A4CDCC98C37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8320-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65875CB1-A9A3-42CC-A14D-7AB4E985808A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_9300_32d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C595A15-BD04-45A3-A719-3DFB8DAB46E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote code execution vulnerability\n exists in the AOS-CX Network Analytics Engine. Successful\n exploitation of this vulnerability results in the ability to\n execute arbitrary code as a privileged user on the underlying\n operating system, leading to a complete compromise of the\n switch running AOS-CX.\n\n\n"
}
],
"id": "CVE-2023-1168",
"lastModified": "2025-02-26T17:15:14.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-22T06:15:09.390",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-41000
Vulnerability from fkie_nvd - Published: 2022-03-02 22:15 - Updated: 2024-11-21 06:25
Severity ?
Summary
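Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
Note: the CPE match data recorded for this entry is narrower than the text above. It lists 10.07.0001 through 10.07.0020 and the single release 10.08.0001, so inventory matching on CPE alone can miss releases that the description names. Confirm the affected range against the vendor advisory (ARUBA-PSA-2022-004).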
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | 10.08.0001 | |
| hpe | aruba_8320 | - | |
| hpe | aruba_8325-32-c | - | |
| hpe | aruba_8325-48y8c | - | |
| hpe | aruba_8360-12c | - | |
| hpe | aruba_8360-16y2c | - | |
| hpe | aruba_8360-24xf2c | - | |
| hpe | aruba_8360-32y4c | - | |
| hpe | aruba_8360-48xt4c | - | |
| hpe | aruba_8400x | - | |
| hpe | aruba_cx_6200f | - | |
| hpe | aruba_cx_6300f | - | |
| hpe | aruba_cx_6300m | - | |
| hpe | aruba_cx_6405 | - | |
| hpe | aruba_cx_6410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46EF92A4-497F-4E18-8EFB-CA65C6E13CBC",
"versionEndIncluding": "10.06.0170",
"versionStartIncluding": "10.06.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B891BD-6C2C-4D39-9851-857B908047E9",
"versionEndIncluding": "10.07.0020",
"versionStartIncluding": "10.07.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:10.08.0001:*:*:*:*:*:*:*",
"matchCriteriaId": "49148F3C-4D61-4F27-BA6F-5A27DE55B08F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:aruba_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "486BF5C3-870B-47B7-9C0E-9B35DBE3F41C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-32-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35AC85B2-4960-4F61-B4DB-02598AF6E2E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "535F4E94-337F-4EE7-8740-CFC5AF310736",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "257C95D3-8D0F-4878-BC17-DC888975E07C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2167087-2E82-4BD0-9791-C837B655A5EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8486D5-91D8-457D-BCED-6534768933ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4362AA75-7C76-4741-934F-B0BF75A7DB9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4801BD3A-ED8C-42F3-A631-3094A9A82913",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8400x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1FBA66-B639-4B0C-A96F-FC74B01B45BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se han detectados m\u00faltiples vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota autenticado en la interfaz de l\u00ednea de comandos de AOS-CX en las versiones de la serie de conmutadores Aruba CX 6200F, la serie de conmutadores Aruba 6300, la serie de conmutadores Aruba 6400, la serie de conmutadores Aruba 8320, la serie de conmutadores Aruba 8325, la serie de conmutadores Aruba 8400 y la serie de conmutadores Aruba CX 8360: AOS-CX versi\u00f3n 10.06.xxxx: 10.06.0170 y anteriores, AOS-CX versiones 10.07.xxxx: 10.07.0050 y anteriores, AOS-CX versiones 10.08.xxxx: 10.08.1030 y anteriores. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2021-41000",
"lastModified": "2024-11-21T06:25:14.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-02T22:15:08.017",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-41002
Vulnerability from fkie_nvd - Published: 2022-03-02 22:15 - Updated: 2024-11-21 06:25
Severity ?
Summary
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | aruba_8320 | - | |
| hpe | aruba_8325-32-c | - | |
| hpe | aruba_8325-48y8c | - | |
| hpe | aruba_8360-12c | - | |
| hpe | aruba_8360-16y2c | - | |
| hpe | aruba_8360-24xf2c | - | |
| hpe | aruba_8360-32y4c | - | |
| hpe | aruba_8360-48xt4c | - | |
| hpe | aruba_8400x | - | |
| hpe | aruba_cx_6200f | - | |
| hpe | aruba_cx_6300f | - | |
| hpe | aruba_cx_6300m | - | |
| hpe | aruba_cx_6405 | - | |
| hpe | aruba_cx_6410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46EF92A4-497F-4E18-8EFB-CA65C6E13CBC",
"versionEndIncluding": "10.06.0170",
"versionStartIncluding": "10.06.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9AB6C6-F5B1-462C-9225-4329C126D7AB",
"versionEndIncluding": "10.07.0050",
"versionStartIncluding": "10.07.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D93409-2CFC-45B4-852F-3A8CD24E8EF6",
"versionEndIncluding": "10.08.1030",
"versionStartIncluding": "10.08.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6004E2-4C71-469F-9C40-470040E053C3",
"versionEndIncluding": "10.09.0002",
"versionStartIncluding": "10.09.0001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:aruba_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "486BF5C3-870B-47B7-9C0E-9B35DBE3F41C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-32-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35AC85B2-4960-4F61-B4DB-02598AF6E2E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "535F4E94-337F-4EE7-8740-CFC5AF310736",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "257C95D3-8D0F-4878-BC17-DC888975E07C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2167087-2E82-4BD0-9791-C837B655A5EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8486D5-91D8-457D-BCED-6534768933ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4362AA75-7C76-4741-934F-B0BF75A7DB9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4801BD3A-ED8C-42F3-A631-3094A9A82913",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8400x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1FBA66-B639-4B0C-A96F-FC74B01B45BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se han detectado m\u00faltiples vulnerabilidades de salto de ruta remoto autenticadas en la interfaz de l\u00ednea de comandos de AOS-CX en las versiones de la serie de conmutadores Aruba CX 6200F, la serie de conmutadores Aruba 6300, la serie de conmutadores Aruba 6400, la serie de conmutadores Aruba 8320, la serie de conmutadores Aruba 8325, la serie de conmutadores Aruba 8400 y la serie de conmutadores Aruba CX 8360: AOS-CX versiones 10.06.xxxx: 10.06.0170 y anteriores, AOS-CX versiones 10.07.xxxx: 10.07.0050 y anteriores, AOS-CX versiones 10.08.xxxx: 10.08.1030 y anteriores, AOS-CX versiones 10.09.xxxx: 10.09.0002 y anteriores. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2021-41002",
"lastModified": "2024-11-21T06:25:14.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-02T22:15:08.113",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-41001
Vulnerability from fkie_nvd - Published: 2022-03-02 22:15 - Updated: 2024-11-21 06:25
Severity ?
Summary
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | aruba_8320 | - | |
| hpe | aruba_8325-32-c | - | |
| hpe | aruba_8325-48y8c | - | |
| hpe | aruba_8360-12c | - | |
| hpe | aruba_8360-16y2c | - | |
| hpe | aruba_8360-24xf2c | - | |
| hpe | aruba_8360-32y4c | - | |
| hpe | aruba_8360-48xt4c | - | |
| hpe | aruba_8400x | - | |
| hpe | aruba_cx_6200f | - | |
| hpe | aruba_cx_6300f | - | |
| hpe | aruba_cx_6300m | - | |
| hpe | aruba_cx_6405 | - | |
| hpe | aruba_cx_6410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9AB6C6-F5B1-462C-9225-4329C126D7AB",
"versionEndIncluding": "10.07.0050",
"versionStartIncluding": "10.07.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D93409-2CFC-45B4-852F-3A8CD24E8EF6",
"versionEndIncluding": "10.08.1030",
"versionStartIncluding": "10.08.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6004E2-4C71-469F-9C40-470040E053C3",
"versionEndIncluding": "10.09.0002",
"versionStartIncluding": "10.09.0001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:aruba_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "486BF5C3-870B-47B7-9C0E-9B35DBE3F41C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-32-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35AC85B2-4960-4F61-B4DB-02598AF6E2E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "535F4E94-337F-4EE7-8740-CFC5AF310736",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "257C95D3-8D0F-4878-BC17-DC888975E07C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2167087-2E82-4BD0-9791-C837B655A5EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8486D5-91D8-457D-BCED-6534768933ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4362AA75-7C76-4741-934F-B0BF75A7DB9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4801BD3A-ED8C-42F3-A631-3094A9A82913",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8400x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1FBA66-B639-4B0C-A96F-FC74B01B45BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto autenticado en el motor de an\u00e1lisis de red (NAE) de AOS-CX en las versiones de la serie de conmutadores Aruba CX 6200F, la serie de conmutadores Aruba 6300, la serie de conmutadores Aruba 6400, la serie de conmutadores Aruba 8320, la serie de conmutadores Aruba 8325, la serie de conmutadores Aruba 8400 y la serie de conmutadores Aruba CX 8360: AOS-CX versiones 10.07.xxxx: 10.07.0050 y anteriores, AOS-CX versiones 10.08.xxxx: 10.08.1030 y anteriores, AOS-CX versiones 10.09.xxxx: 10.09.0002 y anteriores. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-41001",
"lastModified": "2024-11-21T06:25:14.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-02T22:15:08.067",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-41003
Vulnerability from fkie_nvd - Published: 2022-03-02 22:15 - Updated: 2024-11-21 06:25
Severity ?
Summary
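Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
Note: the NVD metrics recorded for this entry score it 6.1 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which requires user interaction and rates confidentiality and integrity impact as low. Read that vector alongside the "unauthenticated command injection" wording when prioritising remediation.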
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | arubaos-cx | * | |
| hpe | aruba_8320 | - | |
| hpe | aruba_8325-32-c | - | |
| hpe | aruba_8325-48y8c | - | |
| hpe | aruba_8360-12c | - | |
| hpe | aruba_8360-16y2c | - | |
| hpe | aruba_8360-24xf2c | - | |
| hpe | aruba_8360-32y4c | - | |
| hpe | aruba_8360-48xt4c | - | |
| hpe | aruba_8400x | - | |
| hpe | aruba_cx_6200f | - | |
| hpe | aruba_cx_6300f | - | |
| hpe | aruba_cx_6300m | - | |
| hpe | aruba_cx_6405 | - | |
| hpe | aruba_cx_6410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46EF92A4-497F-4E18-8EFB-CA65C6E13CBC",
"versionEndIncluding": "10.06.0170",
"versionStartIncluding": "10.06.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9AB6C6-F5B1-462C-9225-4329C126D7AB",
"versionEndIncluding": "10.07.0050",
"versionStartIncluding": "10.07.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D93409-2CFC-45B4-852F-3A8CD24E8EF6",
"versionEndIncluding": "10.08.1030",
"versionStartIncluding": "10.08.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6004E2-4C71-469F-9C40-470040E053C3",
"versionEndIncluding": "10.09.0002",
"versionStartIncluding": "10.09.0001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:aruba_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "486BF5C3-870B-47B7-9C0E-9B35DBE3F41C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-32-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35AC85B2-4960-4F61-B4DB-02598AF6E2E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "535F4E94-337F-4EE7-8740-CFC5AF310736",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "257C95D3-8D0F-4878-BC17-DC888975E07C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2167087-2E82-4BD0-9791-C837B655A5EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8486D5-91D8-457D-BCED-6534768933ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4362AA75-7C76-4741-934F-B0BF75A7DB9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4801BD3A-ED8C-42F3-A631-3094A9A82913",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_8400x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1FBA66-B639-4B0C-A96F-FC74B01B45BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se han detectado m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos sin autenticaci\u00f3n en la interfaz API de AOS-CX en las versiones de Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series: AOS-CX versiones 10.06.xxxx: 10.06.0170 y anteriores, AOS-CX versiones 10.07.xxxx: 10.07.0050 y anteriores, AOS-CX versiones 10.08.xxxx: 10.08.1030 y anteriores, AOS-CX versiones 10.09.xxxx: 10.09.0002 y anteriores. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2021-41003",
"lastModified": "2024-11-21T06:25:14.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-02T22:15:08.157",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-37160 (GCVE-0-2025-37160)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:54 – Updated: 2025-11-18 20:56
Summary
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
Severity ?
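5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (CNA-supplied vector; its PR:N conflicts with the summary's "authenticated remote attacker with low privileges", so confirm the privilege requirement against advisory HPESBNW04888 before prioritising on this score)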
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000 , ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000 , ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000 , ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000 , ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000 , ≤ 10.10.1160 (semver) |
Credits
dugisan3rd
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:56:16.719220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:56:20.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dugisan3rd"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.\u003c/p\u003e"
}
],
"value": "A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:54:09.908Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Broken Access Control (BAC) in REST API Configuration Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37160",
"datePublished": "2025-11-18T18:54:09.908Z",
"dateReserved": "2025-04-16T01:28:25.374Z",
"dateUpdated": "2025-11-18T20:56:20.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37159 (GCVE-0-2025-37159)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:52 – Updated: 2025-11-19 04:55
Summary
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
Severity ?
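5.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N (CNA-supplied vector; its AV:L appears at odds with the summary's "remote attacker", so confirm network reachability of the web management interface against advisory HPESBNW04888 before prioritising on this score)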
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000 , ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000 , ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000 , ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000 , ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000 , ≤ 10.10.1160 (semver) |
Credits
0x50d
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:34.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0x50d"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.\u003c/p\u003e"
}
],
"value": "A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:52:46.501Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37159",
"datePublished": "2025-11-18T18:52:46.501Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-19T04:55:34.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37158 (GCVE-0-2025-37158)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:51 – Updated: 2025-11-19 04:55
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
Severity ?
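6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (CNA-supplied vector; its AV:L and PR:N conflict with the summary's "authenticated remote attacker", so confirm the access and privilege requirements against advisory HPESBNW04888 before prioritising on this score)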
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000 , ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000 , ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000 , ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000 , ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000 , ≤ 10.10.1160 (semver) |
Credits
zzcentury from Ubisetech Sirius Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:35.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisetech Sirius Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:51:28.623Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37158",
"datePublished": "2025-11-18T18:51:28.623Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-19T04:55:35.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37157 (GCVE-0-2025-37157)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:48 – Updated: 2025-12-01 15:35
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
Severity ?
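6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (CNA-supplied vector; its AV:L and PR:N conflict with the summary's "authenticated remote attacker", so confirm the access and privilege requirements against advisory HPESBNW04888 before prioritising on this score)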
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networkign AOS-CX | Affected: 10.16.0000 , ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000 , ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000 , ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000 , ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000 , ≤ 10.10.1160 (semver) |
Credits
zzcentury from Ubisectech Sirius Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T04:55:36.300388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:35:01.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networkign AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:48:58.009Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37157",
"datePublished": "2025-11-18T18:48:58.009Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-12-01T15:35:01.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37156 (GCVE-0-2025-37156)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:46 – Updated: 2025-11-18 20:28
Summary
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000 , ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000 , ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000 , ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000 , ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000 , ≤ 10.10.1160 (semver) |
Credits
Nicholas Starke
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:12:58.972214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:28:30.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicholas Starke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.\u003c/p\u003e"
}
],
"value": "A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:46:10.640Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "ArubaOS-CX Platform-Level Denial-of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37156",
"datePublished": "2025-11-18T18:46:10.640Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-18T20:28:30.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37155 (GCVE-0-2025-37155)
Vulnerability from cvelistv5 – Published: 2025-11-18 18:40 – Updated: 2025-11-19 04:55
Summary
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000 , ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000 , ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000 , ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000 , ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000 , ≤ 10.10.1160 (semver) |
Credits
Angelo Catalani
Giacomo Gloria
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:36.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Angelo Catalani"
},
{
"lang": "en",
"type": "reporter",
"value": "Giacomo Gloria"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.\u003c/p\u003e"
}
],
"value": "A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:40:40.560Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "EXTERNAL"
},
"title": "Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37155",
"datePublished": "2025-11-18T18:40:40.560Z",
"dateReserved": "2025-04-16T01:28:25.369Z",
"dateUpdated": "2025-11-19T04:55:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3718 (GCVE-0-2023-3718)
Vulnerability from cvelistv5 – Published: 2023-08-01 18:25 – Updated: 2024-10-22 20:29
Summary
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba CX Switches | Affected: AOS-CX 10.11.xxxx: 10.11.1010 and below<br>Affected: AOS-CX 10.10.xxxx: 10.10.1050 and below |
Credits
Nick Starke of Aruba Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hewlett_packard_enterprise:aruba_cx_switches:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_cx_switches",
"vendor": "hewlett_packard_enterprise",
"versions": [
{
"lessThanOrEqual": "10.11.1010",
"status": "affected",
"version": "10.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.10.1050",
"status": "affected",
"version": "10.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:21:25.652996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:29:41.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"AOS-CX"
],
"product": "Aruba CX Switches",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.11.xxxx: 10.11.1010 and below"
},
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.1050 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nick Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cpre\u003eAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.\u003c/pre\u003e\n\n"
}
],
"value": "\nAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T18:25:10.262Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-3718",
"datePublished": "2023-08-01T18:25:10.262Z",
"dateReserved": "2023-07-17T17:36:17.204Z",
"dateUpdated": "2024-10-22T20:29:41.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1168 (GCVE-0-2023-1168)
Vulnerability from cvelistv5 – Published: 2023-03-21 20:22 – Updated: 2025-02-26 16:33
Summary
An authenticated remote code execution vulnerability
exists in the AOS-CX Network Analytics Engine. Successful
exploitation of this vulnerability results in the ability to
execute arbitrary code as a privileged user on the underlying
operating system, leading to a complete compromise of the
switch running AOS-CX.
Severity ?
7.2 (High)
CWE
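- n/a (CNA); the CISA-ADP container assigns CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')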
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series | Affected: AOS-CX 10.10.xxxx: 10.10.1020 and below.<br>Affected: AOS-CX 10.09.xxxx: 10.09.1020 and below.<br>Affected: AOS-CX 10.08.xxxx: 10.08.1070 and below.<br>Affected: AOS-CX 10.06.xxxx: 10.06.0230 and below. |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:29:51.845138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:33:03.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"AOS-CX"
],
"product": "Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.1020 and below."
},
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1020 and below."
},
{
"status": "affected",
"version": "AOS-CX 10.08.xxxx: 10.08.1070 and below."
},
{
"status": "affected",
"version": "AOS-CX 10.06.xxxx: 10.06.0230 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote code execution vulnerability\n exists in the AOS-CX Network Analytics Engine. Successful\n exploitation of this vulnerability results in the ability to\n execute arbitrary code as a privileged user on the underlying\n operating system, leading to a complete compromise of the\n switch running AOS-CX.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An authenticated remote code execution vulnerability\n exists in the AOS-CX Network Analytics Engine. Successful\n exploitation of this vulnerability results in the ability to\n execute arbitrary code as a privileged user on the underlying\n operating system, leading to a complete compromise of the\n switch running AOS-CX.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T04:38:44.935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Authenticated Remote Code Execution in Aruba CX Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-1168",
"datePublished": "2023-03-21T20:22:09.558Z",
"dateReserved": "2023-03-03T16:58:46.073Z",
"dateUpdated": "2025-02-26T16:33:03.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41003 (GCVE-0-2021-41003)
Vulnerability from cvelistv5 – Published: 2022-03-02 21:41 – Updated: 2024-08-04 02:59
Summary
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple unauthenticated command injection
Assigner
References
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series | Affected: AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:30.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple unauthenticated command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T21:41:42",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-41003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple unauthenticated command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-41003",
"datePublished": "2022-03-02T21:41:42",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:59:30.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-37160 (GCVE-0-2025-37160)
Vulnerability from nvd – Published: 2025-11-18 18:54 – Updated: 2025-11-18 20:56
Summary
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
Severity ?
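5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (CNA score; the vector sets PR:N, while the summary and title describe an authenticated, low-privileged attacker)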
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000, ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000, ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000, ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000, ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000, ≤ 10.10.1160 (semver) |
Credits
dugisan3rd
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:56:16.719220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:56:20.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dugisan3rd"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.\u003c/p\u003e"
}
],
"value": "A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:54:09.908Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Broken Access Control (BAC) in REST API Configuration Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37160",
"datePublished": "2025-11-18T18:54:09.908Z",
"dateReserved": "2025-04-16T01:28:25.374Z",
"dateUpdated": "2025-11-18T20:56:20.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37159 (GCVE-0-2025-37159)
Vulnerability from nvd – Published: 2025-11-18 18:52 – Updated: 2025-11-19 04:55
Summary
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
Severity ?
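5.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N (CNA score; the vector is local, high-privilege and requires user interaction, while the summary describes an authenticated remote attacker)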
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000, ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000, ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000, ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000, ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000, ≤ 10.10.1160 (semver) |
Credits
0x50d
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:34.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0x50d"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.\u003c/p\u003e"
}
],
"value": "A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:52:46.501Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37159",
"datePublished": "2025-11-18T18:52:46.501Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-19T04:55:34.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37158 (GCVE-0-2025-37158)
Vulnerability from nvd – Published: 2025-11-18 18:51 – Updated: 2025-11-19 04:55
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
Severity ?
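6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (CNA score; the vector is local with no privileges required, while the summary describes an authenticated remote attacker)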
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000, ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000, ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000, ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000, ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000, ≤ 10.10.1160 (semver) |
Credits
zzcentury from Ubisetech Sirius Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:35.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisetech Sirius Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:51:28.623Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37158",
"datePublished": "2025-11-18T18:51:28.623Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-19T04:55:35.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37157 (GCVE-0-2025-37157)
Vulnerability from nvd – Published: 2025-11-18 18:48 – Updated: 2025-12-01 15:35
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
Severity ?
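6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (CNA score; the vector is local with no privileges required, while the summary describes an authenticated remote attacker)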
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networkign AOS-CX (sic; the CNA record's product field carries this misspelling of "HPE Aruba Networking AOS-CX", so exact-match product filters may miss this entry) | Affected: 10.16.0000, ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000, ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000, ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000, ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000, ≤ 10.10.1160 (semver) |
Credits
zzcentury from Ubisectech Sirius Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T04:55:36.300388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:35:01.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networkign AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:48:58.009Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37157",
"datePublished": "2025-11-18T18:48:58.009Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-12-01T15:35:01.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37156 (GCVE-0-2025-37156)
Vulnerability from nvd – Published: 2025-11-18 18:46 – Updated: 2025-11-18 20:28
Summary
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.
Severity ?
6.8 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000, ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000, ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000, ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000, ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000, ≤ 10.10.1160 (semver) |
Credits
Nicholas Starke
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:12:58.972214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:28:30.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicholas Starke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.\u003c/p\u003e"
}
],
"value": "A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:46:10.640Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "ArubaOS-CX Platform-Level Denial-of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37156",
"datePublished": "2025-11-18T18:46:10.640Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-18T20:28:30.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37155 (GCVE-0-2025-37155)
Vulnerability from nvd – Published: 2025-11-18 18:40 – Updated: 2025-11-19 04:55
Summary
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Affected: 10.16.0000, ≤ 10.16.1000 (semver)<br>Affected: 10.15.0000, ≤ 10.15.1020 (semver)<br>Affected: 10.14.0000, ≤ 10.14.1050 (semver)<br>Affected: 10.13.0000, ≤ 10.13.1090 (semver)<br>Affected: 10.10.0000, ≤ 10.10.1160 (semver) |
Credits
Angelo Catalani
Giacomo Gloria
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:36.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Angelo Catalani"
},
{
"lang": "en",
"type": "reporter",
"value": "Giacomo Gloria"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.\u003c/p\u003e"
}
],
"value": "A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:40:40.560Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "EXTERNAL"
},
"title": "Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37155",
"datePublished": "2025-11-18T18:40:40.560Z",
"dateReserved": "2025-04-16T01:28:25.369Z",
"dateUpdated": "2025-11-19T04:55:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3718 (GCVE-0-2023-3718)
Vulnerability from nvd – Published: 2023-08-01 18:25 – Updated: 2024-10-22 20:29
Summary
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba CX Switches | Affected: AOS-CX 10.11.xxxx: 10.11.1010 and below<br>Affected: AOS-CX 10.10.xxxx: 10.10.1050 and below |
Credits
Nick Starke of Aruba Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hewlett_packard_enterprise:aruba_cx_switches:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_cx_switches",
"vendor": "hewlett_packard_enterprise",
"versions": [
{
"lessThanOrEqual": "10.11.1010",
"status": "affected",
"version": "10.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.10.1050",
"status": "affected",
"version": "10.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:21:25.652996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:29:41.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"AOS-CX"
],
"product": "Aruba CX Switches",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.11.xxxx: 10.11.1010 and below"
},
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.1050 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nick Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cpre\u003eAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.\u003c/pre\u003e\n\n"
}
],
"value": "\nAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T18:25:10.262Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-3718",
"datePublished": "2023-08-01T18:25:10.262Z",
"dateReserved": "2023-07-17T17:36:17.204Z",
"dateUpdated": "2024-10-22T20:29:41.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1168 (GCVE-0-2023-1168)
Vulnerability from nvd – Published: 2023-03-21 20:22 – Updated: 2025-02-26 16:33
Summary
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
Severity
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
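CWE
- n/a (CNA record); the CISA-ADP container in the record below assigns CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')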
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series | Affected: AOS-CX 10.10.xxxx: 10.10.1020 and below.<br>Affected: AOS-CX 10.09.xxxx: 10.09.1020 and below.<br>Affected: AOS-CX 10.08.xxxx: 10.08.1070 and below.<br>Affected: AOS-CX 10.06.xxxx: 10.06.0230 and below. |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:29:51.845138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:33:03.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"AOS-CX"
],
"product": "Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.1020 and below."
},
{
"status": "affected",
"version": "AOS-CX 10.09.xxxx: 10.09.1020 and below."
},
{
"status": "affected",
"version": "AOS-CX 10.08.xxxx: 10.08.1070 and below."
},
{
"status": "affected",
"version": "AOS-CX 10.06.xxxx: 10.06.0230 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote code execution vulnerability\n exists in the AOS-CX Network Analytics Engine. Successful\n exploitation of this vulnerability results in the ability to\n execute arbitrary code as a privileged user on the underlying\n operating system, leading to a complete compromise of the\n switch running AOS-CX.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An authenticated remote code execution vulnerability\n exists in the AOS-CX Network Analytics Engine. Successful\n exploitation of this vulnerability results in the ability to\n execute arbitrary code as a privileged user on the underlying\n operating system, leading to a complete compromise of the\n switch running AOS-CX.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T04:38:44.935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Authenticated Remote Code Execution in Aruba CX Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-1168",
"datePublished": "2023-03-21T20:22:09.558Z",
"dateReserved": "2023-03-03T16:58:46.073Z",
"dateUpdated": "2025-02-26T16:33:03.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41003 (GCVE-0-2021-41003)
Vulnerability from nvd – Published: 2022-03-02 21:41 – Updated: 2024-08-04 02:59
Summary
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
Severity ?
No CVSS data available.
CWE
- Multiple unauthenticated command injection
Assigner
References
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series | Affected: AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:30.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple unauthenticated command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T21:41:42",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-41003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series",
"version": {
"version_data": [
{
"version_value": "AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple unauthenticated command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-41003",
"datePublished": "2022-03-02T21:41:42",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:59:30.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}