All the vulnerabilites related to arubanetworks - mcr-va-1k
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Summary
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n"
}
],
"id": "CVE-2023-22771",
"lastModified": "2024-11-21T07:45:23.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.030",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22768",
"lastModified": "2024-11-21T07:45:23.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.833",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"id": "CVE-2023-35976",
"lastModified": "2024-11-21T08:09:05.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.650",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22763",
"lastModified": "2024-11-21T07:45:22.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.500",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n"
}
],
"id": "CVE-2023-22776",
"lastModified": "2024-11-21T07:45:24.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.473",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22765",
"lastModified": "2024-11-21T07:45:22.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote command injection vulnerability\u00a0exists in the ArubaOS web-based management interface.\u00a0Successful exploitation of this vulnerability results in the\u00a0ability to execute arbitrary commands as a privileged user\u00a0on the underlying operating system. This allows an attacker\u00a0to fully compromise the underlying operating system on the\u00a0device running ArubaOS."
}
],
"id": "CVE-2023-35972",
"lastModified": "2024-11-21T08:09:05.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.367",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22767",
"lastModified": "2024-11-21T07:45:23.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.767",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"id": "CVE-2023-35974",
"lastModified": "2024-11-21T08:09:05.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.507",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"id": "CVE-2023-35973",
"lastModified": "2024-11-21T08:09:05.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.437",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"id": "CVE-2023-35977",
"lastModified": "2024-11-21T08:09:05.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.720",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"id": "CVE-2023-22774",
"lastModified": "2024-11-21T07:45:24.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.253",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"id": "CVE-2023-22773",
"lastModified": "2024-11-21T07:45:23.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22762",
"lastModified": "2024-11-21T07:45:22.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.433",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22764",
"lastModified": "2024-11-21T07:45:22.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.573",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system."
}
],
"id": "CVE-2023-35975",
"lastModified": "2024-11-21T08:09:05.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.580",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22769",
"lastModified": "2024-11-21T07:45:23.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.900",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u00a0conduct a stored cross-site scripting (XSS) attack against a\u00a0user of the interface. A successful exploit could\u00a0allow an attacker to execute arbitrary script code in a\u00a0victim\u0027s browser in the context of the affected interface."
}
],
"id": "CVE-2023-35971",
"lastModified": "2024-11-21T08:09:05.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 6.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.277",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22770",
"lastModified": "2024-11-21T07:45:23.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.963",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22766",
"lastModified": "2024-11-21T07:45:23.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.700",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller."
}
],
"id": "CVE-2023-35979",
"lastModified": "2024-11-21T08:09:06.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.863",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ArubaOS could allow an unauthenticated\u00a0remote attacker to conduct a reflected cross-site scripting\u00a0(XSS) attack against a user of the web-based management\u00a0interface. A successful exploit could allow an attacker to\u00a0execute arbitrary script code in a victim\u0027s browser in the\u00a0context of the affected interface."
}
],
"id": "CVE-2023-35978",
"lastModified": "2024-11-21T08:09:05.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.790",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-35972
Vulnerability from cvelistv5
Published
2023-07-05 14:44
Modified
2024-12-04 15:41
Severity ?
EPSS score ?
Summary
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:41:01.720192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:41:16.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote command injection vulnerability\u0026nbsp;exists in the ArubaOS web-based management interface.\u0026nbsp;Successful exploitation of this vulnerability results in the\u0026nbsp;ability to execute arbitrary commands as a privileged user\u0026nbsp;on the underlying operating system. This allows an attacker\u0026nbsp;to fully compromise the underlying operating system on the\u0026nbsp;device running ArubaOS."
}
],
"value": "An authenticated remote command injection vulnerability\u00a0exists in the ArubaOS web-based management interface.\u00a0Successful exploitation of this vulnerability results in the\u00a0ability to execute arbitrary commands as a privileged user\u00a0on the underlying operating system. This allows an attacker\u00a0to fully compromise the underlying operating system on the\u00a0device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:44:42.156Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35972",
"datePublished": "2023-07-05T14:44:42.156Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-12-04T15:41:16.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22773
Vulnerability from cvelistv5
Published
2023-02-28 16:56
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22773",
"datePublished": "2023-02-28T16:56:44.883Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2024-08-02T10:20:30.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22774
Vulnerability from cvelistv5
Published
2023-02-28 16:57
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22774",
"datePublished": "2023-02-28T16:57:05.728Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2024-08-02T10:20:31.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35976
Vulnerability from cvelistv5
Published
2023-07-05 14:47
Modified
2024-12-04 15:39
Severity ?
EPSS score ?
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:38:41.712067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:39:11.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist which allow an authenticated attacker\u0026nbsp;to access sensitive information on the ArubaOS command line\u0026nbsp;interface. Successful exploitation could allow access to data\u0026nbsp;beyond what is authorized by the users existing privilege\u0026nbsp;level."
}
],
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:47:43.236Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35976",
"datePublished": "2023-07-05T14:47:43.236Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-12-04T15:39:11.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22770
Vulnerability from cvelistv5
Published
2023-02-28 16:51
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22770",
"datePublished": "2023-02-28T16:51:02.255Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2024-08-02T10:20:30.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22762
Vulnerability from cvelistv5
Published
2023-02-28 16:46
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22762",
"datePublished": "2023-02-28T16:46:03.890Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2024-08-02T10:20:30.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35979
Vulnerability from cvelistv5
Published
2023-07-05 14:50
Modified
2024-12-04 15:36
Severity ?
EPSS score ?
Summary
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:35:07.055934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:36:27.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "the technical staff at Northwestern University"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an unauthenticated buffer overflow vulnerability\u0026nbsp;in the process controlling the ArubaOS web-based management\u0026nbsp;interface. Successful exploitation of this vulnerability\u0026nbsp;results in a Denial-of-Service (DoS) condition affecting the\u0026nbsp;web-based management interface of the controller."
}
],
"value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:50:10.736Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35979",
"datePublished": "2023-07-05T14:50:10.736Z",
"dateReserved": "2023-06-20T18:41:22.738Z",
"dateUpdated": "2024-12-04T15:36:27.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22765
Vulnerability from cvelistv5
Published
2023-02-28 16:47
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22765",
"datePublished": "2023-02-28T16:47:35.008Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2024-08-02T10:20:30.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35977
Vulnerability from cvelistv5
Published
2023-07-05 14:47
Modified
2024-12-04 15:38
Severity ?
EPSS score ?
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:38:07.853419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:38:20.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist which allow an authenticated attacker\u0026nbsp;to access sensitive information on the ArubaOS command line\u0026nbsp;interface. Successful exploitation could allow access to data\u0026nbsp;beyond what is authorized by the users existing privilege\u0026nbsp;level."
}
],
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:47:46.596Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35977",
"datePublished": "2023-07-05T14:47:46.596Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-12-04T15:38:20.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22771
Vulnerability from cvelistv5
Published
2023-02-28 16:53
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mitchell Pompe of Netskope"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Session Expiration in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22771",
"datePublished": "2023-02-28T16:53:19.915Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2024-08-02T10:20:30.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35975
Vulnerability from cvelistv5
Published
2023-07-05 14:46
Modified
2024-12-04 15:39
Severity ?
EPSS score ?
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:39:28.929227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:39:41.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the\u0026nbsp;ArubaOS command line interface. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to delete arbitrary\u0026nbsp;files in the underlying operating system."
}
],
"value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:46:49.679Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35975",
"datePublished": "2023-07-05T14:46:49.679Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-12-04T15:39:41.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35978
Vulnerability from cvelistv5
Published
2023-07-05 14:49
Modified
2024-10-21 21:11
Severity ?
EPSS score ?
Summary
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:07:02.071788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:25.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "haidv35 from Viettel Cyber Security"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in ArubaOS could allow an unauthenticated\u0026nbsp;remote attacker to conduct a reflected cross-site scripting\u0026nbsp;(XSS) attack against a user of the web-based management\u0026nbsp;interface. A successful exploit could allow an attacker to\u0026nbsp;execute arbitrary script code in a victim\u0027s browser in the\u0026nbsp;context of the affected interface."
}
],
"value": "A vulnerability in ArubaOS could allow an unauthenticated\u00a0remote attacker to conduct a reflected cross-site scripting\u00a0(XSS) attack against a user of the web-based management\u00a0interface. A successful exploit could allow an attacker to\u00a0execute arbitrary script code in a victim\u0027s browser in the\u00a0context of the affected interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:49:00.807Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35978",
"datePublished": "2023-07-05T14:49:00.807Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-10-21T21:11:25.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35974
Vulnerability from cvelistv5
Published
2023-07-05 14:45
Modified
2024-12-04 15:40
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:39:54.939542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:40:07.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in\u0026nbsp;the ArubaOS command line interface. Successful exploitation\u0026nbsp;of these vulnerabilities result in the ability to execute\u0026nbsp;arbitrary commands as a privileged user on the underlying\u0026nbsp;operating system."
}
],
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:45:43.215Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35974",
"datePublished": "2023-07-05T14:45:43.215Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-12-04T15:40:07.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35973
Vulnerability from cvelistv5
Published
2023-07-05 14:45
Modified
2024-12-04 15:40
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:40:20.723913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:40:45.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in\u0026nbsp;the ArubaOS command line interface. Successful exploitation\u0026nbsp;of these vulnerabilities result in the ability to execute\u0026nbsp;arbitrary commands as a privileged user on the underlying\u0026nbsp;operating system."
}
],
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:45:39.756Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35973",
"datePublished": "2023-07-05T14:45:39.756Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-12-04T15:40:45.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22769
Vulnerability from cvelistv5
Published
2023-02-28 16:50
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22769",
"datePublished": "2023-02-28T16:50:46.657Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2024-08-02T10:20:31.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22763
Vulnerability from cvelistv5
Published
2023-02-28 16:46
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22763",
"datePublished": "2023-02-28T16:46:58.281Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2024-08-02T10:20:30.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35971
Vulnerability from cvelistv5
Published
2023-07-05 14:43
Modified
2024-10-21 21:11
Severity ?
EPSS score ?
Summary
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:07:03.397156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:32.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "123ojp (bugcrowd.com/123ojp)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u0026nbsp;conduct a stored cross-site scripting (XSS) attack against a\u0026nbsp;user of the interface. A successful exploit could\u0026nbsp;allow an attacker to execute arbitrary script code in a\u0026nbsp;victim\u0027s browser in the context of the affected interface."
}
],
"value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u00a0conduct a stored cross-site scripting (XSS) attack against a\u00a0user of the interface. A successful exploit could\u00a0allow an attacker to execute arbitrary script code in a\u00a0victim\u0027s browser in the context of the affected interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:43:11.546Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35971",
"datePublished": "2023-07-05T14:43:11.546Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-10-21T21:11:32.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22776
Vulnerability from cvelistv5
Published
2023-02-28 17:02
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\u003cbr\u003e"
}
],
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22776",
"datePublished": "2023-02-28T17:02:51.772Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2024-08-02T10:20:30.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22768
Vulnerability from cvelistv5
Published
2023-02-28 16:49
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22768",
"datePublished": "2023-02-28T16:49:39.531Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2024-08-02T10:20:30.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22767
Vulnerability from cvelistv5
Published
2023-02-28 16:49
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22767",
"datePublished": "2023-02-28T16:49:03.354Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2024-08-02T10:20:30.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22764
Vulnerability from cvelistv5
Published
2023-02-28 16:47
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22764",
"datePublished": "2023-02-28T16:47:14.005Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2024-08-02T10:20:30.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22766
Vulnerability from cvelistv5
Published
2023-02-28 16:48
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22766",
"datePublished": "2023-02-28T16:48:00.530Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2024-08-02T10:20:30.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}