Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-1236
Vulnerability from csaf_certbund - Published: 2023-05-16 22:00 - Updated: 2023-05-25 22:00Summary
Aruba EdgeConnect: Mehrere Schwachstellen ermöglichen Übernahme der Kontrolle
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Aruba EdgeConnect ist eine SD-WAN-Produktfamilie für Unternehmenskunden.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Aruba EdgeConnect ausnutzen, um Informationen offenzulegen und um die Kontrolle über das System zu übernehmen.
Betroffene Betriebssysteme
- Hardware Appliance
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Aruba EdgeConnect ist eine SD-WAN-Produktfamilie f\u00fcr Unternehmenskunden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Aruba EdgeConnect ausnutzen, um Informationen offenzulegen und um die Kontrolle \u00fcber das System zu \u00fcbernehmen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1236 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1236.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1236 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1236"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory ARUBA-PSA-2023-007 vom 2023-05-26",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory vom 2023-05-23",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30510"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30509"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30508"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30507"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30506"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30505"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30504"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30503"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30502"
},
{
"category": "external",
"summary": "Nattional Vulnerability Database vom 2023-05-16",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30501"
}
],
"source_lang": "en-US",
"title": "Aruba EdgeConnect: Mehrere Schwachstellen erm\u00f6glichen \u00dcbernahme der Kontrolle",
"tracking": {
"current_release_date": "2023-05-25T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:51:03.275+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1236",
"initial_release_date": "2023-05-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-23T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Aruba"
},
{
"date": "2023-05-24T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: ARUBA-PSA-2023-0007"
},
{
"date": "2023-05-25T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Aruba aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Aruba EdgeConnect",
"product": {
"name": "Aruba EdgeConnect",
"product_id": "T027755",
"product_identification_helper": {
"cpe": "cpe:/a:aruba:edgeconnect:-"
}
}
}
],
"category": "vendor",
"name": "Aruba"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30510",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30510"
},
{
"cve": "CVE-2023-30509",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30509"
},
{
"cve": "CVE-2023-30508",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30508"
},
{
"cve": "CVE-2023-30507",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30507"
},
{
"cve": "CVE-2023-30506",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30506"
},
{
"cve": "CVE-2023-30505",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30505"
},
{
"cve": "CVE-2023-30504",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30504"
},
{
"cve": "CVE-2023-30503",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30503"
},
{
"cve": "CVE-2023-30502",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30502"
},
{
"cve": "CVE-2023-30501",
"notes": [
{
"category": "description",
"text": "In Aruba EdgeConnect existieren mehrere Schwachstellen im Commandline-Interface und im Web Management Interface. Ein authentisierter Angreifer kann dies ausnutzen, um beliebige Dateien zu lesen, sowie anderweitig Informationen offenzulegen und um beliebige Kommandos auf dem zugrunde liegenden Betriebssystem als \"root\" ausf\u00fchren und damit die Kontrolle \u00fcber das System \u00fcbernehmen."
}
],
"product_status": {
"known_affected": [
"T027755"
]
},
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30501"
}
]
}
CVE-2023-30510 (GCVE-0-2023-30510)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:56 – Updated: 2025-01-22 20:15
VLAI?
EPSS
Summary
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
Severity ?
4.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:15:44.450178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:15:47.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u0026nbsp;web management interface that allows remote authenticated\u0026nbsp;users to issue arbitrary URL requests from the Aruba\u0026nbsp;EdgeConnect Enterprise instance. The impact of this\u0026nbsp;vulnerability is limited to a subset of URLs which can\u0026nbsp;result in the possible disclosure of data due to the network\u0026nbsp;position of the Aruba EdgeConnect Enterprise instance."
}
],
"value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:21.543Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Server-side Request Forgery in Aruba EdgeConnect Enterprise Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30510",
"datePublished": "2023-05-16T18:56:20.679Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:15:47.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30504 (GCVE-0-2023-30504)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 21:17
VLAI?
EPSS
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ all (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:17:26.261761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:29.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:20.990Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30504",
"datePublished": "2023-05-16T18:51:43.801Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T21:17:29.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30509 (GCVE-0-2023-30509)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:55 – Updated: 2025-01-22 20:16
VLAI?
EPSS
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:16:10.663092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:16:20.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:12.085Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30509",
"datePublished": "2023-05-16T18:55:05.306Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:16:20.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30505 (GCVE-0-2023-30505)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 21:17
VLAI?
EPSS
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:15:13.647822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:03.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:28:51.484Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30505",
"datePublished": "2023-05-16T18:51:46.597Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T21:17:03.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30503 (GCVE-0-2023-30503)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 20:17
VLAI?
EPSS
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:17:17.807109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:17:23.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:07.455Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30503",
"datePublished": "2023-05-16T18:51:40.985Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:17:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30508 (GCVE-0-2023-30508)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:55 – Updated: 2025-01-22 20:16
VLAI?
EPSS
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:16:52.627532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:16:57.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:31:00.335Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30508",
"datePublished": "2023-05-16T18:55:01.993Z",
"dateReserved": "2023-04-11T20:22:08.185Z",
"dateUpdated": "2025-01-22T20:16:57.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30506 (GCVE-0-2023-30506)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-31 14:57
VLAI?
EPSS
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T19:18:50.808636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T14:57:56.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:35.097Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30506",
"datePublished": "2023-05-16T18:51:50.159Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-31T14:57:56.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30501 (GCVE-0-2023-30501)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:49 – Updated: 2025-01-22 20:18
VLAI?
EPSS
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:18:20.539814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:18:23.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:29:28.332Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30501",
"datePublished": "2023-05-16T18:49:59.884Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:18:23.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30507 (GCVE-0-2023-30507)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:54 – Updated: 2025-01-31 14:57
VLAI?
EPSS
Summary
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T19:17:13.735322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T14:57:14.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u0026nbsp;Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u0026nbsp;operating system, including sensitive system files."
}
],
"value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:30:44.416Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30507",
"datePublished": "2023-05-16T18:54:48.679Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-31T14:57:14.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30502 (GCVE-0-2023-30502)
Vulnerability from cvelistv5 – Published: 2023-05-16 18:51 – Updated: 2025-01-22 20:17
VLAI?
EPSS
Summary
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba EdgeConnect Enterprise Software |
Affected:
ECOS 9.2.x.x , ≤ 9.2.3.0
(custom)
Affected: ECOS 9.1.x.x , ≤ 9.1.5.0 (custom) Affected: ECOS 9.0.x.x , ≤ 9.0.8.0 (custom) Affected: ECOS 8.x.x.x , ≤ all (custom) |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T20:17:47.608145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T20:17:51.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba EdgeConnect Enterprise Software",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "9.2.3.0",
"status": "affected",
"version": "ECOS 9.2.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.5.0",
"status": "affected",
"version": "ECOS 9.1.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.8.0",
"status": "affected",
"version": "ECOS 9.0.x.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "all",
"status": "affected",
"version": "ECOS 8.x.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-23T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u0026nbsp;command line interface that allow remote authenticated users\u0026nbsp;to run arbitrary commands on the underlying host. Successful\u0026nbsp;exploitation of these vulnerabilities result in the ability\u0026nbsp;to execute arbitrary commands as root on the underlying\u0026nbsp;operating system leading to complete system compromise."
}
],
"value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T14:29:39.932Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30502",
"datePublished": "2023-05-16T18:51:27.762Z",
"dateReserved": "2023-04-11T20:22:08.184Z",
"dateUpdated": "2025-01-22T20:17:51.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…