Search criteria
75 vulnerabilities found for edgeconnect_enterprise by arubanetworks
FKIE_CVE-2023-30509
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2025-01-22 21:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"id": "CVE-2023-30509",
"lastModified": "2025-01-22T21:15:09.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:10.067",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-30510
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2024-11-21 08:00
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance."
}
],
"id": "CVE-2023-30510",
"lastModified": "2024-11-21T08:00:19.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:10.140",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30507
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2025-01-31 15:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"id": "CVE-2023-30507",
"lastModified": "2025-01-31T15:15:10.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-16T19:15:09.893",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-30503
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2024-11-21 08:00
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"id": "CVE-2023-30503",
"lastModified": "2024-11-21T08:00:18.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:09.630",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30505
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2024-11-21 08:00
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"id": "CVE-2023-30505",
"lastModified": "2024-11-21T08:00:18.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:09.757",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30508
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2025-01-22 21:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"id": "CVE-2023-30508",
"lastModified": "2025-01-22T21:15:09.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:09.980",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-30502
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2024-11-21 08:00
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"id": "CVE-2023-30502",
"lastModified": "2024-11-21T08:00:18.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:09.567",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30506
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2025-01-31 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"id": "CVE-2023-30506",
"lastModified": "2025-01-31T15:15:09.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-16T19:15:09.817",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30501
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2024-11-21 08:00
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"id": "CVE-2023-30501",
"lastModified": "2024-11-21T08:00:18.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:09.493",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30504
Vulnerability from fkie_nvd - Published: 2023-05-16 19:15 - Updated: 2024-11-21 08:00
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * | |
| arubanetworks | edgeconnect_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743",
"versionEndIncluding": "9.0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B",
"versionEndIncluding": "9.1.5.0",
"versionStartIncluding": "9.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154",
"versionEndIncluding": "9.2.3.0",
"versionStartIncluding": "9.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"id": "CVE-2023-30504",
"lastModified": "2024-11-21T08:00:18.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-16T19:15:09.693",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-30510 (GCVE-0-2023-30510)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:56 – Updated: 2025-01-22 20:15
VLAI?
Summary
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
Severity ?
4.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:15:44.450178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:15:47.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u0026nbsp;web management interface that allows remote authenticated\u0026nbsp;users to issue arbitrary URL requests from the Aruba\u0026nbsp;EdgeConnect Enterprise instance. The impact of this\u0026nbsp;vulnerability is limited to a subset of URLs which can\u0026nbsp;result in the possible disclosure of data due to the network\u0026nbsp;position of the Aruba EdgeConnect Enterprise instance."
}
],
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:21.543Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30510",
"datePublished": "2023-05-16T18:56:20.679Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:15:47.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30509 (GCVE-0-2023-30509)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:55 – Updated: 2025-01-22 20:16
VLAI?
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:16:10.663092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:16:20.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:12.085Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30509",
"datePublished": "2023-05-16T18:55:05.306Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:16:20.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30508 (GCVE-0-2023-30508)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:55 – Updated: 2025-01-22 20:16
VLAI?
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:16:52.627532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:16:57.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:00.335Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30508",
"datePublished": "2023-05-16T18:55:01.993Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:16:57.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30507 (GCVE-0-2023-30507)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:54 – Updated: 2025-01-31 14:57
VLAI?
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T19:17:13.735322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T14:57:14.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:44.416Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30507",
"datePublished": "2023-05-16T18:54:48.679Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-31T14:57:14.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30506 (GCVE-0-2023-30506)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-31 14:57
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T19:18:50.808636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T14:57:56.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:35.097Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30506",
"datePublished": "2023-05-16T18:51:50.159Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-31T14:57:56.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30505 (GCVE-0-2023-30505)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 21:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:15:13.647822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:03.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:28:51.484Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30505",
"datePublished": "2023-05-16T18:51:46.597Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T21:17:03.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30504 (GCVE-0-2023-30504)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 21:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ all (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:17:26.261761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:29.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:20.990Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30504",
"datePublished": "2023-05-16T18:51:43.801Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T21:17:29.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30503 (GCVE-0-2023-30503)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 20:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:17:17.807109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:17:23.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:07.455Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30503",
"datePublished": "2023-05-16T18:51:40.985Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:17:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30502 (GCVE-0-2023-30502)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 20:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:17:47.608145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:17:51.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:29:39.932Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30502",
"datePublished": "2023-05-16T18:51:27.762Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:17:51.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30501 (GCVE-0-2023-30501)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:49 – Updated: 2025-01-22 20:18
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:18:20.539814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:18:23.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:29:28.332Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30501",
"datePublished": "2023-05-16T18:49:59.884Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:18:23.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30510 (GCVE-0-2023-30510)
Vulnerability from nvd – Published: 2023-05-16 18:56 – Updated: 2025-01-22 20:15
VLAI?
Summary
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
Severity ?
4.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:15:44.450178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:15:47.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u0026nbsp;web management interface that allows remote authenticated\u0026nbsp;users to issue arbitrary URL requests from the Aruba\u0026nbsp;EdgeConnect Enterprise instance. The impact of this\u0026nbsp;vulnerability is limited to a subset of URLs which can\u0026nbsp;result in the possible disclosure of data due to the network\u0026nbsp;position of the Aruba EdgeConnect Enterprise instance."
}
],
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:21.543Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30510",
"datePublished": "2023-05-16T18:56:20.679Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:15:47.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30509 (GCVE-0-2023-30509)
Vulnerability from nvd – Published: 2023-05-16 18:55 – Updated: 2025-01-22 20:16
VLAI?
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:16:10.663092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:16:20.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:12.085Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30509",
"datePublished": "2023-05-16T18:55:05.306Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:16:20.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30508 (GCVE-0-2023-30508)
Vulnerability from nvd – Published: 2023-05-16 18:55 – Updated: 2025-01-22 20:16
VLAI?
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:16:52.627532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:16:57.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:00.335Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30508",
"datePublished": "2023-05-16T18:55:01.993Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:16:57.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30507 (GCVE-0-2023-30507)
Vulnerability from nvd – Published: 2023-05-16 18:54 – Updated: 2025-01-31 14:57
VLAI?
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T19:17:13.735322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T14:57:14.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:44.416Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30507",
"datePublished": "2023-05-16T18:54:48.679Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-31T14:57:14.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30506 (GCVE-0-2023-30506)
Vulnerability from nvd – Published: 2023-05-16 18:51 – Updated: 2025-01-31 14:57
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T19:18:50.808636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T14:57:56.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:35.097Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30506",
"datePublished": "2023-05-16T18:51:50.159Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-31T14:57:56.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30505 (GCVE-0-2023-30505)
Vulnerability from nvd – Published: 2023-05-16 18:51 – Updated: 2025-01-22 21:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:15:13.647822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:03.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:28:51.484Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30505",
"datePublished": "2023-05-16T18:51:46.597Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T21:17:03.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30504 (GCVE-0-2023-30504)
Vulnerability from nvd – Published: 2023-05-16 18:51 – Updated: 2025-01-22 21:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ all (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:17:26.261761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:29.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:20.990Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30504",
"datePublished": "2023-05-16T18:51:43.801Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T21:17:29.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30503 (GCVE-0-2023-30503)
Vulnerability from nvd – Published: 2023-05-16 18:51 – Updated: 2025-01-22 20:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:17:17.807109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:17:23.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:07.455Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30503",
"datePublished": "2023-05-16T18:51:40.985Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:17:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30502 (GCVE-0-2023-30502)
Vulnerability from nvd – Published: 2023-05-16 18:51 – Updated: 2025-01-22 20:17
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:17:47.608145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:17:51.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:29:39.932Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30502",
"datePublished": "2023-05-16T18:51:27.762Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:17:51.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30501 (GCVE-0-2023-30501)
Vulnerability from nvd – Published: 2023-05-16 18:49 – Updated: 2025-01-22 20:18
VLAI?
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:18:20.539814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:18:23.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:29:28.332Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30501",
"datePublished": "2023-05-16T18:49:59.884Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:18:23.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}