Search criteria

189 vulnerabilities found for sd-wan by arubanetworks

FKIE_CVE-2023-22775

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n"
    }
  ],
  "id": "CVE-2023-22775",
  "lastModified": "2025-03-07T21:15:14.480",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.330",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22772

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\n"
    }
  ],
  "id": "CVE-2023-22772",
  "lastModified": "2025-03-07T21:15:14.017",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.100",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22778

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n"
    }
  ],
  "id": "CVE-2023-22778",
  "lastModified": "2025-03-07T21:15:14.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.657",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22774

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
    }
  ],
  "id": "CVE-2023-22774",
  "lastModified": "2025-03-07T21:15:14.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.253",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22773

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
    }
  ],
  "id": "CVE-2023-22773",
  "lastModified": "2025-03-07T21:15:14.153",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.167",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22771

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Summary
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n"
    }
  ],
  "id": "CVE-2023-22771",
  "lastModified": "2024-11-21T07:45:23.693",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.030",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22777

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n"
    }
  ],
  "id": "CVE-2023-22777",
  "lastModified": "2025-03-07T21:15:14.763",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.563",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22776

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n"
    }
  ],
  "id": "CVE-2023-22776",
  "lastModified": "2025-03-07T21:15:14.620",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:14.473",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22764

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22764",
  "lastModified": "2025-03-11T14:15:17.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.573",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22768

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22768",
  "lastModified": "2024-11-21T07:45:23.337",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.833",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22763

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22763",
  "lastModified": "2025-03-11T14:15:17.760",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.500",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22769

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22769",
  "lastModified": "2024-11-21T07:45:23.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.900",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22770

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22770",
  "lastModified": "2024-11-21T07:45:23.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.963",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22756

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22756",
  "lastModified": "2024-11-21T07:45:21.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.033",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22765

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22765",
  "lastModified": "2025-03-11T14:15:18.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.637",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22762

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22762",
  "lastModified": "2024-11-21T07:45:22.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.433",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22766

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22766",
  "lastModified": "2025-03-11T15:15:37.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.700",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22761

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
    }
  ],
  "id": "CVE-2023-22761",
  "lastModified": "2024-11-21T07:45:22.497",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.367",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22759

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
    }
  ],
  "id": "CVE-2023-22759",
  "lastModified": "2024-11-21T07:45:22.257",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.233",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22760

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
    }
  ],
  "id": "CVE-2023-22760",
  "lastModified": "2024-11-21T07:45:22.380",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.300",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22757

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22757",
  "lastModified": "2024-11-21T07:45:22.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.100",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22767

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 7010 -
arubanetworks 7030 -
arubanetworks 7205 -
arubanetworks 7210 -
arubanetworks 7220 -
arubanetworks 7240xm -
arubanetworks 7280 -
arubanetworks 9004 -
arubanetworks 9004-lte -
arubanetworks 9012 -
arubanetworks mc-va-10 -
arubanetworks mc-va-1k -
arubanetworks mc-va-250 -
arubanetworks mc-va-50 -
arubanetworks mcr-hw-10k -
arubanetworks mcr-hw-1k -
arubanetworks mcr-hw-5k -
arubanetworks mcr-va-10k -
arubanetworks mcr-va-1k -
arubanetworks mcr-va-50 -
arubanetworks mcr-va-500 -
arubanetworks mcr-va-5k -
arubanetworks sd-wan *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22767",
  "lastModified": "2025-03-11T15:15:37.823",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.767",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22758

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
    }
  ],
  "id": "CVE-2023-22758",
  "lastModified": "2024-11-21T07:45:22.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.170",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22747

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
    }
  ],
  "id": "CVE-2023-22747",
  "lastModified": "2025-03-11T15:15:37.513",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.427",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22751

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).  Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
    }
  ],
  "id": "CVE-2023-22751",
  "lastModified": "2025-03-07T21:15:13.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.690",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22752

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).  Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
    }
  ],
  "id": "CVE-2023-22752",
  "lastModified": "2025-03-11T14:15:17.410",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.760",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22748

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22748",
  "lastModified": "2025-03-07T21:15:13.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.493",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22753

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-11 14:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22753",
  "lastModified": "2025-03-11T14:15:17.590",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.823",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-22754

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22754",
  "lastModified": "2024-11-21T07:45:21.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.897",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-22749

Vulnerability from fkie_nvd - Published: 2023-03-01 08:15 - Updated: 2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtVendor Advisory
Impacted products
Vendor Product Version
arubanetworks sd-wan *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22749",
  "lastModified": "2025-03-07T21:15:13.610",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:12.560",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}