Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-0530
Vulnerability from csaf_certbund - Published: 2023-02-28 23:00 - Updated: 2023-02-28 23:00Summary
Aruba ArubaOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um seine Privilegien zu erhöhen, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungenügende Eingabe-Überprüfungen, Pufferüberläufe, unsachgemäße Sitzungssteuerung, unsachgemäße Autorisierungs-Prüfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausführung zu bringen, einen Cross Site Scripting Angriff durchzuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um seine Privilegien zu erh\u00f6hen, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0530 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0530.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0530 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0530"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory vom 2023-02-28",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory vom 2023-02-28",
"url": "https://www.arubanetworks.com/security-advisory/arubaos-multiple-vulnerabilities-7/"
}
],
"source_lang": "en-US",
"title": "Aruba ArubaOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-02-28T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:45:54.890+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0530",
"initial_release_date": "2023-02-28T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-02-28T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Aruba ArubaOS \u003c 10.3.1.1",
"product": {
"name": "Aruba ArubaOS \u003c 10.3.1.1",
"product_id": "1241958",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:10.3.1.1"
}
}
},
{
"category": "product_name",
"name": "Aruba ArubaOS \u003c 8.10.0.5",
"product": {
"name": "Aruba ArubaOS \u003c 8.10.0.5",
"product_id": "T026576",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:8.10.0.5"
}
}
},
{
"category": "product_name",
"name": "Aruba ArubaOS \u003c 8.11.0.0",
"product": {
"name": "Aruba ArubaOS \u003c 8.11.0.0",
"product_id": "T026577",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:8.11.0.0"
}
}
}
],
"category": "product_name",
"name": "ArubaOS"
}
],
"category": "vendor",
"name": "Aruba"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-22778",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22778"
},
{
"cve": "CVE-2023-22777",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22777"
},
{
"cve": "CVE-2023-22776",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22776"
},
{
"cve": "CVE-2023-22775",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22775"
},
{
"cve": "CVE-2023-22774",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22774"
},
{
"cve": "CVE-2023-22773",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22773"
},
{
"cve": "CVE-2023-22772",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22772"
},
{
"cve": "CVE-2023-22771",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22771"
},
{
"cve": "CVE-2023-22770",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22770"
},
{
"cve": "CVE-2023-22769",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22769"
},
{
"cve": "CVE-2023-22768",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22768"
},
{
"cve": "CVE-2023-22767",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22767"
},
{
"cve": "CVE-2023-22766",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22766"
},
{
"cve": "CVE-2023-22765",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22765"
},
{
"cve": "CVE-2023-22764",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22764"
},
{
"cve": "CVE-2023-22763",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22763"
},
{
"cve": "CVE-2023-22762",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22762"
},
{
"cve": "CVE-2023-22761",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22761"
},
{
"cve": "CVE-2023-22760",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22760"
},
{
"cve": "CVE-2023-22759",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22759"
},
{
"cve": "CVE-2023-22758",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22758"
},
{
"cve": "CVE-2023-22757",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22757"
},
{
"cve": "CVE-2023-22756",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22756"
},
{
"cve": "CVE-2023-22755",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22755"
},
{
"cve": "CVE-2023-22754",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22754"
},
{
"cve": "CVE-2023-22753",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22753"
},
{
"cve": "CVE-2023-22752",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22752"
},
{
"cve": "CVE-2023-22751",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22751"
},
{
"cve": "CVE-2023-22750",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22750"
},
{
"cve": "CVE-2023-22749",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22749"
},
{
"cve": "CVE-2023-22748",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22748"
},
{
"cve": "CVE-2023-22747",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2023-22747"
},
{
"cve": "CVE-2021-3712",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen. Die Ursachen sind ungen\u00fcgende Eingabe-\u00dcberpr\u00fcfungen, Puffer\u00fcberl\u00e4ufe, unsachgem\u00e4\u00dfe Sitzungssteuerung, unsachgem\u00e4\u00dfe Autorisierungs-Pr\u00fcfungen und Path-Traversals. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, Code zur Ausf\u00fchrung zu bringen, einen Cross Site Scripting Angriff durchzuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen."
}
],
"release_date": "2023-02-28T23:00:00.000+00:00",
"title": "CVE-2021-3712"
}
]
}
CVE-2023-22759 (GCVE-0-2023-22759)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:41 – Updated: 2025-03-07 18:06
VLAI?
EPSS
Title
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:06:18.519310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:06:32.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22759",
"datePublished": "2023-02-28T16:41:28.980Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:06:32.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22762 (GCVE-0-2023-22762)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:46 – Updated: 2025-03-12 16:21
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:04:21.287180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:21:36.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22762",
"datePublished": "2023-02-28T16:46:03.890Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-12T16:21:36.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22757 (GCVE-0-2023-22757)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:36 – Updated: 2025-03-07 18:09
VLAI?
EPSS
Title
Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.10.x.x: 8.10.0.4 and below
Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Haoliang Lu at the WuHeng Lab of ByteDance
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:09:10.370621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:09:19.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:53:18.778Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22757",
"datePublished": "2023-02-28T16:36:54.386Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:09:19.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22754 (GCVE-0-2023-22754)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:34 – Updated: 2025-03-07 18:11
VLAI?
EPSS
Title
Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.10.x.x: 8.10.0.4 and below
Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Haoliang Lu at the WuHeng Lab of ByteDance
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:11:13.108556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:11:24.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:52:44.784Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22754",
"datePublished": "2023-02-28T16:34:48.324Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:11:24.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22749 (GCVE-0-2023-22749)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:05 – Updated: 2025-03-07 20:48
VLAI?
EPSS
Title
Multiple Unauthenticated Command Injections in the PAPI Protocol
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:48:27.315575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:48:40.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22749",
"datePublished": "2023-02-28T16:05:47.658Z",
"dateReserved": "2023-01-06T15:24:20.502Z",
"dateUpdated": "2025-03-07T20:48:40.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22750 (GCVE-0-2023-22750)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:09 – Updated: 2025-03-07 20:47
VLAI?
EPSS
Title
Multiple Unauthenticated Command Injections in the PAPI Protocol
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:47:16.257900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:47:28.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22750",
"datePublished": "2023-02-28T16:09:16.831Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-07T20:47:28.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22765 (GCVE-0-2023-22765)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:47 – Updated: 2025-03-11 14:05
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:05:17.711198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:05:33.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22765",
"datePublished": "2023-02-28T16:47:35.008Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:05:33.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22766 (GCVE-0-2023-22766)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:48 – Updated: 2025-03-11 14:24
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:23:51.823175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:24:04.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22766",
"datePublished": "2023-02-28T16:48:00.530Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:24:04.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22778 (GCVE-0-2023-22778)
Vulnerability from cvelistv5 – Published: 2023-02-28 17:05 – Updated: 2025-03-07 20:42
VLAI?
EPSS
Title
Authenticated Stored Cross-Site Scripting
Summary
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Phil Purviance (@superevr)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:42:36.672022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:42:49.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Phil Purviance (@superevr)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003cbr\u003e"
}
],
"value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22778",
"datePublished": "2023-02-28T17:05:56.186Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2025-03-07T20:42:49.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22755 (GCVE-0-2023-22755)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:35 – Updated: 2025-03-07 18:10
VLAI?
EPSS
Title
Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.10.x.x: 8.10.0.4 and below
Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Haoliang Lu at the WuHeng Lab of ByteDance
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:10:31.938058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:10:42.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:52:59.218Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22755",
"datePublished": "2023-02-28T16:35:24.079Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:10:42.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22771 (GCVE-0-2023-22771)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:53 – Updated: 2025-03-07 18:00
VLAI?
EPSS
Title
Insufficient Session Expiration in ArubaOS Command Line Interface
Summary
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
Severity ?
6.8 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Mitchell Pompe of Netskope
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:00:23.285175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:00:34.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mitchell Pompe of Netskope"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Session Expiration in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22771",
"datePublished": "2023-02-28T16:53:19.915Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2025-03-07T18:00:34.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22775 (GCVE-0-2023-22775)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:58 – Updated: 2025-03-07 20:44
VLAI?
EPSS
Title
Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
Summary
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:43:59.055383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:44:09.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\u003cbr\u003e"
}
],
"value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22775",
"datePublished": "2023-02-28T16:58:34.249Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2025-03-07T20:44:09.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22756 (GCVE-0-2023-22756)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:36 – Updated: 2025-03-07 18:10
VLAI?
EPSS
Title
Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.10.x.x: 8.10.0.4 and below
Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Haoliang Lu at the WuHeng Lab of ByteDance
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:09:49.418954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:10:01.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:53:05.813Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22756",
"datePublished": "2023-02-28T16:36:32.538Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:10:01.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3712 (GCVE-0-2021-3712)
Vulnerability from cvelistv5 – Published: 2021-08-24 14:50 – Updated: 2026-04-14 08:57
VLAI?
EPSS
Title
Read buffer overruns processing ASN.1 strings
Summary
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
Severity ?
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
Impacted products
Date Public ?
2021-08-24 00:00
Credits
Ingo Schwarze
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20210824.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
},
{
"name": "DSA-4963",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4963"
},
{
"name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
},
{
"name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
},
{
"name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
},
{
"name": "GLSA-202209-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "BFCClient",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge - Machine Insight App",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge - PROFINET IO Connector",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 EEC M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2IA M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE EU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1545-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo (Administration Console)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Process Historian OPC UA Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2020 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1217C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Server V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK Operate",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.95 SP1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214FC DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Administrator",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:57:51.339Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-244969.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ingo Schwarze"
}
],
"datePublic": "2021-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:21.902Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20210824.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
},
{
"name": "DSA-4963",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4963"
},
{
"name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
},
{
"name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
},
{
"name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2021-16"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.tenable.com/security/tns-2022-02"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
},
{
"name": "GLSA-202209-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "Read buffer overruns processing ASN.1 strings"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2021-3712",
"datePublished": "2021-08-24T14:50:14.704Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2026-04-14T08:57:51.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22774 (GCVE-0-2023-22774)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:57 – Updated: 2025-03-07 20:44
VLAI?
EPSS
Title
Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:44:22.826933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:44:36.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22774",
"datePublished": "2023-02-28T16:57:05.728Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2025-03-07T20:44:36.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22747 (GCVE-0-2023-22747)
Vulnerability from cvelistv5 – Published: 2023-02-28 15:47 – Updated: 2025-03-11 14:09
VLAI?
EPSS
Title
Multiple Unauthenticated Command Injections in the PAPI Protocol
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:09:17.378382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:09:40.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22747",
"datePublished": "2023-02-28T15:47:31.864Z",
"dateReserved": "2023-01-06T15:24:20.502Z",
"dateUpdated": "2025-03-11T14:09:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22763 (GCVE-0-2023-22763)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:46 – Updated: 2025-03-11 14:06
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:06:30.466364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:06:43.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22763",
"datePublished": "2023-02-28T16:46:58.281Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:06:43.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22773 (GCVE-0-2023-22773)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:56 – Updated: 2025-03-07 20:45
VLAI?
EPSS
Title
Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:44:50.994860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:45:09.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22773",
"datePublished": "2023-02-28T16:56:44.883Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2025-03-07T20:45:09.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22767 (GCVE-0-2023-22767)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:49 – Updated: 2025-03-11 14:22
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:21:47.550743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:22:01.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22767",
"datePublished": "2023-02-28T16:49:03.354Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2025-03-11T14:22:01.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22769 (GCVE-0-2023-22769)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:50 – Updated: 2025-03-07 18:02
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:02:08.603200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:02:27.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22769",
"datePublished": "2023-02-28T16:50:46.657Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2025-03-07T18:02:27.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22776 (GCVE-0-2023-22776)
Vulnerability from cvelistv5 – Published: 2023-02-28 17:02 – Updated: 2025-03-07 20:43
VLAI?
EPSS
Title
Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Nicholas Starke of Aruba Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:43:31.253007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:43:45.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\u003cbr\u003e"
}
],
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22776",
"datePublished": "2023-02-28T17:02:51.772Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2025-03-07T20:43:45.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22772 (GCVE-0-2023-22772)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:55 – Updated: 2025-03-07 20:45
VLAI?
EPSS
Title
Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion
Summary
An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Nikita Abramov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:45:25.359581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:45:37.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22772",
"datePublished": "2023-02-28T16:55:26.690Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2025-03-07T20:45:37.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22758 (GCVE-0-2023-22758)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:40 – Updated: 2025-03-07 18:07
VLAI?
EPSS
Title
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:07:46.963631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:07:58.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22758",
"datePublished": "2023-02-28T16:40:37.916Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:07:58.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22753 (GCVE-0-2023-22753)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:33 – Updated: 2025-03-11 14:07
VLAI?
EPSS
Title
Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.10.x.x: 8.10.0.4 and below
Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Haoliang Lu at the WuHeng Lab of ByteDance
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:07:45.158697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:07:56.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:52:33.182Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22753",
"datePublished": "2023-02-28T16:33:36.424Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-11T14:07:56.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22748 (GCVE-0-2023-22748)
Vulnerability from cvelistv5 – Published: 2023-02-28 15:59 – Updated: 2025-03-07 21:04
VLAI?
EPSS
Title
Multiple Unauthenticated Command Injections in the PAPI Protocol
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:03:48.350282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:04:02.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22748",
"datePublished": "2023-02-28T15:59:17.666Z",
"dateReserved": "2023-01-06T15:24:20.502Z",
"dateUpdated": "2025-03-07T21:04:02.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22777 (GCVE-0-2023-22777)
Vulnerability from cvelistv5 – Published: 2023-02-28 17:04 – Updated: 2025-03-07 20:43
VLAI?
EPSS
Title
Authenticated Information Disclosure in ArubaOS Web-based Management Interface
Summary
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
Severity ?
4.9 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Nikita Abramov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:43:05.260386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:43:18.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Information Disclosure in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22777",
"datePublished": "2023-02-28T17:04:20.522Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2025-03-07T20:43:18.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22760 (GCVE-0-2023-22760)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:42 – Updated: 2025-03-12 16:21
VLAI?
EPSS
Title
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Nikita Abramov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:05:41.258871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:21:55.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22760",
"datePublished": "2023-02-28T16:42:04.666Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-12T16:21:55.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22770 (GCVE-0-2023-22770)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:51 – Updated: 2025-03-07 18:01
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:01:22.677650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:01:36.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22770",
"datePublished": "2023-02-28T16:51:02.255Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2025-03-07T18:01:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22764 (GCVE-0-2023-22764)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:47 – Updated: 2025-03-11 14:06
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:05:57.731469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:06:12.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22764",
"datePublished": "2023-02-28T16:47:14.005Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:06:12.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22761 (GCVE-0-2023-22761)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:42 – Updated: 2025-03-07 18:05
VLAI?
EPSS
Title
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Nikita Abramov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:04:58.940898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:05:12.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22761",
"datePublished": "2023-02-28T16:42:41.162Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-07T18:05:12.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22768 (GCVE-0-2023-22768)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:49 – Updated: 2025-03-07 18:03
VLAI?
EPSS
Title
Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:03:00.783625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:03:15.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22768",
"datePublished": "2023-02-28T16:49:39.531Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2025-03-07T18:03:15.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22751 (GCVE-0-2023-22751)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:28 – Updated: 2025-03-07 20:46
VLAI?
EPSS
Title
Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:45:54.194197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:46:05.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22751",
"datePublished": "2023-02-28T16:28:42.105Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-07T20:46:05.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22752 (GCVE-0-2023-22752)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:30 – Updated: 2025-03-11 14:08
VLAI?
EPSS
Title
Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Affected:
ArubaOS 8.6.x.x: 8.6.0.19 and below
Affected: ArubaOS 8.10.x.x: 8.10.0.4 and below Affected: ArubaOS 10.3.x.x: 10.3.1.0 and below Affected: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Date Public ?
2023-02-28 21:00
Credits
Erik de Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:08:46.233271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:08:57.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22752",
"datePublished": "2023-02-28T16:30:06.487Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-11T14:08:57.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…