github - ghsa-fw24-9x85-rmf8

ghsa-fw24-9x85-rmf8

Vulnerability from github

Published

2023-07-06 21:14

Modified

2024-04-04 05:40

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-22788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-08T15:15:10Z",
    "severity": "HIGH"
  },
  "details": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system.",
  "id": "GHSA-fw24-9x85-rmf8",
  "modified": "2024-04-04T05:40:29Z",
  "published": "2023-07-06T21:14:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22788"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-22788

Vulnerability from cvelistv5

Published

2023-05-08 14:08

Modified

2024-08-02 10:20

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

References

▼	URL	Tags
	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt

Impacted products

▼	Vendor	Product
	Hewlett Packard Enterprise (HPE)	Aruba Access Points running InstantOS and ArubaOS 10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:30.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Aruba Access Points running InstantOS and ArubaOS 10",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "status": "affected",
              "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
            },
            {
              "status": "affected",
              "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
            },
            {
              "status": "affected",
              "version": "See reference document for further details"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Jensen (@dozernz)"
        }
      ],
      "datePublic": "2023-05-09T20:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
            }
          ],
          "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-08T14:08:35.055Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2023-22788",
    "datePublished": "2023-05-08T14:08:35.055Z",
    "dateReserved": "2023-01-06T15:24:20.510Z",
    "dateUpdated": "2024-08-02T10:20:30.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted