9 vulnerabilities found for arubaos-switch by hpe
FKIE_CVE-2023-39268
Vulnerability from fkie_nvd - Published: 2023-08-29 20:15 - Updated: 2024-11-21 08:15
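Severity
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H (source: security-alert@hpe.com, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
Note: the two scores come from different sources and disagree. The vendor vector (PR:H, UI:R, C:N/I:N) does not match the summary's unauthenticated remote code execution, whereas the NVD vector (PR:N, UI:N, C:H/I:H/A:H) does; prioritise on the higher score until the vendor advisory has been checked.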
Summary
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD",
"versionEndExcluding": "a.15.16.0026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9",
"versionEndExcluding": "16.04.0027",
"versionStartIncluding": "16.01.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0",
"versionEndExcluding": "16.08.0027",
"versionStartIncluding": "16.05.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039",
"versionEndExcluding": "16.10.0024",
"versionStartIncluding": "16.10.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4",
"versionEndExcluding": "16.11.0013",
"versionStartIncluding": "16.11.0001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de corrupci\u00f3n de memoria en ArubaOS-Switch podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado al recibir paquetes especialmente manipulados. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-39268",
"lastModified": "2024-11-21T08:15:01.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-29T20:15:09.830",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-39267
Vulnerability from fkie_nvd - Published: 2023-08-29 20:15 - Updated: 2024-11-21 08:15
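Severity
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L (source: security-alert@hpe.com, Secondary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (source: nvd@nist.gov, Primary)
Note: both vectors require an authenticated attacker (PR:H for the vendor, PR:L for NVD). The summary names remote code execution but describes the outcome as denial of service; NVD scores availability impact only (A:H), while the vendor vector scores integrity impact as high (I:H).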
Summary
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD",
"versionEndExcluding": "a.15.16.0026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9",
"versionEndExcluding": "16.04.0027",
"versionStartIncluding": "16.01.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0",
"versionEndExcluding": "16.08.0027",
"versionStartIncluding": "16.05.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039",
"versionEndExcluding": "16.10.0024",
"versionStartIncluding": "16.10.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4",
"versionEndExcluding": "16.11.0013",
"versionStartIncluding": "16.11.0001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada en la interfaz de l\u00ednea de comandos de ArubaOS-Switch. La explotaci\u00f3n exitosa da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el switch.\n"
}
],
"id": "CVE-2023-39267",
"lastModified": "2024-11-21T08:15:01.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-29T20:15:09.743",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-39266
Vulnerability from fkie_nvd - Published: 2023-08-29 20:15 - Updated: 2024-11-21 08:15
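Severity
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H (source: security-alert@hpe.com, Secondary)
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (source: nvd@nist.gov, Primary)
Note: both vectors agree on no privileges required, user interaction required and changed scope (PR:N, UI:R, S:C), which fits stored XSS against a user of the web interface. They differ on attack complexity and on impact: the vendor rates C/I/A as high, NVD rates C/I as low with no availability impact.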
Summary
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD",
"versionEndExcluding": "a.15.16.0026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9",
"versionEndExcluding": "16.04.0027",
"versionStartIncluding": "16.01.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0",
"versionEndExcluding": "16.08.0027",
"versionStartIncluding": "16.05.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039",
"versionEndExcluding": "16.10.0024",
"versionStartIncluding": "16.10.0001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4",
"versionEndExcluding": "16.11.0013",
"versionStartIncluding": "16.11.0001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de ArubaOS-Switch podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz, siempre que ciertas opciones de configuraci\u00f3n est\u00e9n presentes. Un exploit exitoso podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de la v\u00edctima en el contexto de la interfaz afectada."
}
],
"id": "CVE-2023-39266",
"lastModified": "2024-11-21T08:15:01.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-29T20:15:09.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-39268 (GCVE-0-2023-39268)
Vulnerability from cvelistv5 – Published: 2023-08-29 19:38 – Updated: 2024-09-27 19:51
Title
Memory Corruption Vulnerability in ArubaOS-Switch
Summary
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
4.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | ArubaOS-Switch | Affected: ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.<br>Affected: ArubaOS-Switch 16.09.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.<br>Affected: ArubaOS-Switch 16.07.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.06.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.05.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.<br>Affected: ArubaOS-Switch 16.03.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.02.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.01.xxxx: All versions.<br>Affected: ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. |
Credits
Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:38:40.939853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:51:59.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T19:38:58.346Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory Corruption Vulnerability in ArubaOS-Switch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-39268",
"datePublished": "2023-08-29T19:38:58.346Z",
"dateReserved": "2023-07-26T15:52:27.843Z",
"dateUpdated": "2024-09-27T19:51:59.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39267 (GCVE-0-2023-39267)
Vulnerability from cvelistv5 – Published: 2023-08-29 19:28 – Updated: 2024-09-27 19:54
Title
Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface
Summary
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
Severity ?
6.6 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | ArubaOS-Switch | Affected: ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.<br>Affected: ArubaOS-Switch 16.09.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.<br>Affected: ArubaOS-Switch 16.07.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.06.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.05.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.<br>Affected: ArubaOS-Switch 16.03.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.02.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.01.xxxx: All versions.<br>Affected: ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. |
Credits
Lino Mirgeler of DTS Systeme GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:41:36.720364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:54:56.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lino Mirgeler of DTS Systeme GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003e\u003cpre\u003eAn authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\u003c/pre\u003e\u003cbr\u003e\u003c/pre\u003e"
}
],
"value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T19:28:55.315Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-39267",
"datePublished": "2023-08-29T19:28:55.315Z",
"dateReserved": "2023-07-26T15:52:27.843Z",
"dateUpdated": "2024-09-27T19:54:56.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39266 (GCVE-0-2023-39266)
Vulnerability from cvelistv5 – Published: 2023-08-29 19:20 – Updated: 2024-09-27 21:56
Title
Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch
Summary
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
Severity ?
8.3 (High)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | ArubaOS-Switch | Affected: ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.<br>Affected: ArubaOS-Switch 16.09.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.<br>Affected: ArubaOS-Switch 16.07.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.06.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.05.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.<br>Affected: ArubaOS-Switch 16.03.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.02.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.01.xxxx: All versions.<br>Affected: ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. |
Credits
Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T21:49:17.160778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T21:56:37.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T19:20:20.829Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-39266",
"datePublished": "2023-08-29T19:20:18.105Z",
"dateReserved": "2023-07-26T15:52:27.843Z",
"dateUpdated": "2024-09-27T21:56:37.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39268 (GCVE-0-2023-39268)
Vulnerability from nvd – Published: 2023-08-29 19:38 – Updated: 2024-09-27 19:51
Title
Memory Corruption Vulnerability in ArubaOS-Switch
Summary
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
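Severity
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H, as scored by the CNA (hpe). Note that this vector (high privileges and user interaction required, availability impact only) does not match the summary above, which describes unauthenticated remote code execution as a privileged user; triage on the described impact and check the vendor advisory rather than relying on the 4.5 score alone.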
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | ArubaOS-Switch | Affected: ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.<br>Affected: ArubaOS-Switch 16.09.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.<br>Affected: ArubaOS-Switch 16.07.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.06.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.05.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.<br>Affected: ArubaOS-Switch 16.03.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.02.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.01.xxxx: All versions.<br>Affected: ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. |
Credits
Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:38:40.939853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:51:59.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T19:38:58.346Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory Corruption Vulnerability in ArubaOS-Switch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-39268",
"datePublished": "2023-08-29T19:38:58.346Z",
"dateReserved": "2023-07-26T15:52:27.843Z",
"dateUpdated": "2024-09-27T19:51:59.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39267 (GCVE-0-2023-39267)
Vulnerability from nvd – Published: 2023-08-29 19:28 – Updated: 2024-09-27 19:54
Title
Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface
Summary
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
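Severity
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L, as scored by the CNA (hpe). The title and the second sentence of the summary describe a denial of service, while the first sentence of the summary says remote code execution and the vector rates integrity impact HIGH and availability impact LOW; confirm the actual impact against the vendor advisory before prioritising.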
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | ArubaOS-Switch | Affected: ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.<br>Affected: ArubaOS-Switch 16.09.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.<br>Affected: ArubaOS-Switch 16.07.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.06.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.05.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.<br>Affected: ArubaOS-Switch 16.03.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.02.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.01.xxxx: All versions.<br>Affected: ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. |
Credits
Lino Mirgeler of DTS Systeme GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T19:41:36.720364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:54:56.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lino Mirgeler of DTS Systeme GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003e\u003cpre\u003eAn authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\u003c/pre\u003e\u003cbr\u003e\u003c/pre\u003e"
}
],
"value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T19:28:55.315Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-39267",
"datePublished": "2023-08-29T19:28:55.315Z",
"dateReserved": "2023-07-26T15:52:27.843Z",
"dateUpdated": "2024-09-27T19:54:56.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39266 (GCVE-0-2023-39266)
Vulnerability from nvd – Published: 2023-08-29 19:20 – Updated: 2024-09-27 21:56
Title
Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch
Summary
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
Severity ?
8.3 (High)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | ArubaOS-Switch | Affected: ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.<br>Affected: ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.<br>Affected: ArubaOS-Switch 16.09.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.<br>Affected: ArubaOS-Switch 16.07.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.06.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.05.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.<br>Affected: ArubaOS-Switch 16.03.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.02.xxxx: All versions.<br>Affected: ArubaOS-Switch 16.01.xxxx: All versions.<br>Affected: ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. |
Credits
Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T21:49:17.160778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T21:56:37.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ken Pyle - Partner and Exploit Developer, CYBIR and Graduate Professor of Cybersecurity at Chestnut Hill College"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T19:20:20.829Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-39266",
"datePublished": "2023-08-29T19:20:18.105Z",
"dateReserved": "2023-07-26T15:52:27.843Z",
"dateUpdated": "2024-09-27T21:56:37.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}