github - ghsa-pvf9-jp7g-w7j3

ghsa-pvf9-jp7g-w7j3

Vulnerability from github

Published

2023-03-01 09:30

Modified

2023-03-10 21:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-22775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.",
  "id": "GHSA-pvf9-jp7g-w7j3",
  "modified": "2023-03-10T21:30:25Z",
  "published": "2023-03-01T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22775"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-22775

Vulnerability from cvelistv5

Published

2023-02-28 16:58

Modified

2024-08-02 10:20

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface

References

▼	URL	Tags
	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt

Impacted products

▼	Vendor	Product
	Hewlett Packard Enterprise (HPE)	Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:30.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "status": "affected",
              "version": "ArubaOS 8.6.x.x:  8.6.0.19 and below"
            },
            {
              "status": "affected",
              "version": "ArubaOS 8.10.x.x:   8.10.0.4 and below"
            },
            {
              "status": "affected",
              "version": "ArubaOS 10.3.x.x:  10.3.1.0 and below"
            },
            {
              "status": "affected",
              "version": "SD-WAN 8.7.0.0-2.3.0.x:  8.7.0.0-2.3.0.8 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Erik de Jong (bugcrowd.com/erikdejong)"
        }
      ],
      "datePublic": "2023-02-28T21:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T05:45:13.020935Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2023-22775",
    "datePublished": "2023-02-28T16:58:34.249Z",
    "dateReserved": "2023-01-06T15:24:20.508Z",
    "dateUpdated": "2024-08-02T10:20:30.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.