CVE-2022-23677

2022-05-10T19:15:00

Description

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

Affected Software

CPE Name	Name	Version
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	16.09.0020
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	16.10.0020
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	16.11.0004
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	16.08.0025
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	16.02.0034
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	16.04.0024
arubanetworks:5406r_firmware	arubanetworks 5406r firmware	15.16.0023
arubanetworks:2920_firmware	arubanetworks 2920 firmware	16.11.0004
arubanetworks:2920_firmware	arubanetworks 2920 firmware	16.10.0020
arubanetworks:2920_firmware	arubanetworks 2920 firmware	16.09.0020
arubanetworks:2920_firmware	arubanetworks 2920 firmware	16.08.0025
arubanetworks:2920_firmware	arubanetworks 2920 firmware	16.02.0034
arubanetworks:2920_firmware	arubanetworks 2920 firmware	16.04.0024
arubanetworks:2920_firmware	arubanetworks 2920 firmware	15.16.0023
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	16.09.0020
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	16.10.0020
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	16.11.0004
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	16.02.0034
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	16.08.0025
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	15.16.0023
arubanetworks:2930f_firmware	arubanetworks 2930f firmware	16.04.0024
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	16.11.0004
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	16.10.0020
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	16.09.0020
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	16.08.0025
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	16.02.0034
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	16.04.0024
arubanetworks:2930m_firmware	arubanetworks 2930m firmware	15.16.0023
arubanetworks:2530_firmware	arubanetworks 2530 firmware	16.11.0004
arubanetworks:2530_firmware	arubanetworks 2530 firmware	16.10.0020
arubanetworks:2530_firmware	arubanetworks 2530 firmware	16.09.0020
arubanetworks:2530_firmware	arubanetworks 2530 firmware	16.08.0025
arubanetworks:2530_firmware	arubanetworks 2530 firmware	16.02.0034
arubanetworks:2530_firmware	arubanetworks 2530 firmware	16.04.0024
arubanetworks:2530_firmware	arubanetworks 2530 firmware	15.16.0023
arubanetworks:2540_firmware	arubanetworks 2540 firmware	16.11.0004
arubanetworks:2540_firmware	arubanetworks 2540 firmware	16.10.0020
arubanetworks:2540_firmware	arubanetworks 2540 firmware	16.09.0020
arubanetworks:2540_firmware	arubanetworks 2540 firmware	16.08.0025
arubanetworks:2540_firmware	arubanetworks 2540 firmware	16.02.0034
arubanetworks:2540_firmware	arubanetworks 2540 firmware	16.04.0024
arubanetworks:2540_firmware	arubanetworks 2540 firmware	15.16.0023
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	16.09.0020
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	16.10.0020
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	16.11.0004
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	16.08.0025
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	16.02.0034
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	15.16.0023
arubanetworks:5412r_firmware	arubanetworks 5412r firmware	16.04.0024
arubanetworks:2615_firmware	arubanetworks 2615 firmware	16.11.0004
arubanetworks:2615_firmware	arubanetworks 2615 firmware	16.10.0020
arubanetworks:2615_firmware	arubanetworks 2615 firmware	16.09.0020
arubanetworks:2615_firmware	arubanetworks 2615 firmware	16.08.0025
arubanetworks:2615_firmware	arubanetworks 2615 firmware	16.04.0024
arubanetworks:2615_firmware	arubanetworks 2615 firmware	16.02.0034
arubanetworks:2615_firmware	arubanetworks 2615 firmware	15.16.0023
arubanetworks:2620_firmware	arubanetworks 2620 firmware	16.11.0004
arubanetworks:2620_firmware	arubanetworks 2620 firmware	16.10.0020
arubanetworks:2620_firmware	arubanetworks 2620 firmware	16.09.0020
arubanetworks:2620_firmware	arubanetworks 2620 firmware	16.08.0025
arubanetworks:2620_firmware	arubanetworks 2620 firmware	16.04.0024
arubanetworks:2620_firmware	arubanetworks 2620 firmware	16.02.0034
arubanetworks:2620_firmware	arubanetworks 2620 firmware	15.16.0023
arubanetworks:2915_firmware	arubanetworks 2915 firmware	16.11.0004
arubanetworks:2915_firmware	arubanetworks 2915 firmware	16.10.0020
arubanetworks:2915_firmware	arubanetworks 2915 firmware	16.09.0020
arubanetworks:2915_firmware	arubanetworks 2915 firmware	16.08.0025
arubanetworks:2915_firmware	arubanetworks 2915 firmware	16.04.0024
arubanetworks:2915_firmware	arubanetworks 2915 firmware	16.02.0034
arubanetworks:2915_firmware	arubanetworks 2915 firmware	15.16.0023
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	15.16.0023
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	16.02.0034
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	16.04.0024
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	16.08.0025
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	16.09.0020
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	16.10.0020
arubanetworks:3810m_firmware	arubanetworks 3810m firmware	16.11.0004

{"id": "CVE-2022-23677", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-23677", "description": "A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.", "published": "2022-05-10T19:15:00", "modified": "2022-05-25T17:26:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23677", "reporter": "security-alert@hpe.com", "references": ["https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt"], "cvelist": ["CVE-2022-23677"], "immutableFields": [], "lastseen": "2022-05-25T18:32:38", "viewCount": 20, "enchantments": {"twitter": {"counter": 2, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1529518483075104772", "text": " NEW: CVE-2022-23677 A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; Arub... (click for more) Severity: HIGH https://t.co/AYrGJJp6pQ", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "vulnersScore": "PENDING"}, "_state": {"twitter": 1653504651}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:arubanetworks:2930m_firmware:16.04.0024", "cpe:/o:arubanetworks:2530_firmware:15.16.0023", "cpe:/o:arubanetworks:2930f_firmware:15.16.0023", "cpe:/o:arubanetworks:2920_firmware:15.16.0023", "cpe:/o:arubanetworks:2930f_firmware:16.09.0020", "cpe:/o:arubanetworks:2620_firmware:16.04.0024", "cpe:/o:arubanetworks:2540_firmware:15.16.0023", "cpe:/o:arubanetworks:2620_firmware:15.16.0023", "cpe:/o:arubanetworks:3810m_firmware:16.04.0024", "cpe:/o:arubanetworks:2930f_firmware:16.10.0020", "cpe:/o:arubanetworks:2530_firmware:16.04.0024", "cpe:/o:arubanetworks:2915_firmware:16.04.0024", "cpe:/o:arubanetworks:2540_firmware:16.04.0024", "cpe:/o:arubanetworks:3810m_firmware:15.16.0023", "cpe:/o:arubanetworks:2915_firmware:15.16.0023", "cpe:/o:arubanetworks:2930f_firmware:16.04.0024", "cpe:/o:arubanetworks:2920_firmware:16.04.0024", "cpe:/o:arubanetworks:5406r_firmware:15.16.0023", "cpe:/o:arubanetworks:2615_firmware:15.16.0023", "cpe:/o:arubanetworks:5412r_firmware:16.04.0024", "cpe:/o:arubanetworks:5412r_firmware:15.16.0023", "cpe:/o:arubanetworks:2930f_firmware:16.11.0004", "cpe:/o:arubanetworks:2615_firmware:16.04.0024", "cpe:/o:arubanetworks:2930m_firmware:15.16.0023"], "cpe23": ["cpe:2.3:o:arubanetworks:2620_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930f_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930m_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:5412r_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:5412r_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2530_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2620_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930f_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:3810m_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2615_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2915_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930f_firmware:16.09.0020:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930f_firmware:16.10.0020:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:3810m_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2915_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2920_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2540_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930m_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:5406r_firmware:15.16.0023:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2615_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2530_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2540_firmware:16.04.0024:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2930f_firmware:16.11.0004:*:*:*:*:*:*:*", "cpe:2.3:o:arubanetworks:2920_firmware:15.16.0023:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "affectedSoftware": [{"cpeName": "arubanetworks:5406r_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:5406r_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:5406r_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:5406r_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:5406r_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:5406r_firmware", "version": "16.04.0024", "operator": "lt", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:5406r_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 5406r firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2920_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2920 firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "16.09.0020", "operator": "le", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "16.10.0020", "operator": "le", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "16.11.0004", "operator": "le", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930f_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2930f firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2930m_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2930m firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2530_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2530 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:2540_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2540 firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:5412r_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 5412r firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2615_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2615 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2620_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2620 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:2915_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 2915 firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "15.16.0023", "operator": "le", "name": "arubanetworks 3810m firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "16.02.0034", "operator": "lt", "name": "arubanetworks 3810m firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "16.04.0024", "operator": "le", "name": "arubanetworks 3810m firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "16.08.0025", "operator": "lt", "name": "arubanetworks 3810m firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "16.09.0020", "operator": "lt", "name": "arubanetworks 3810m firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "16.10.0020", "operator": "lt", "name": "arubanetworks 3810m firmware"}, {"cpeName": "arubanetworks:3810m_firmware", "version": "16.11.0004", "operator": "lt", "name": "arubanetworks 3810m firmware"}], "affectedConfiguration": [{"name": "arubanetworks 5406r", "cpeName": "arubanetworks:5406r", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2920", "cpeName": "arubanetworks:2920", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2930f", "cpeName": "arubanetworks:2930f", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2930m", "cpeName": "arubanetworks:2930m", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2530", "cpeName": "arubanetworks:2530", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2540", "cpeName": "arubanetworks:2540", "version": "-", "operator": "eq"}, {"name": "arubanetworks 5412r", "cpeName": "arubanetworks:5412r", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2615", "cpeName": "arubanetworks:2615", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2620", "cpeName": "arubanetworks:2620", "version": "-", "operator": "eq"}, {"name": "arubanetworks 2915", "cpeName": "arubanetworks:2915", "version": "-", "operator": "eq"}, {"name": "arubanetworks 3810m", "cpeName": "arubanetworks:3810m", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndExcluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5406r_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:5406r:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2920_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2920:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndIncluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndIncluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndIncluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930f_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2930f:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2930m_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2930m:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2530_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2530:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2540_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2540:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:5412r_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:5412r:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2615_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2615:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2620_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2620:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:2915_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:2915:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:15.16.0023:*:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndIncluding": "15.16.0023", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:16.02.0034:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0", "versionEndExcluding": "16.02.0034", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:16.04.0024:*:*:*:*:*:*:*", "versionStartIncluding": "16.03.0", "versionEndIncluding": "16.04.0024", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:16.08.0025:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0", "versionEndExcluding": "16.08.0025", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:16.09.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.09.0", "versionEndExcluding": "16.09.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:16.10.0020:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0", "versionEndExcluding": "16.10.0020", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:arubanetworks:3810m_firmware:16.11.0004:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.0004", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:arubanetworks:3810m:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt", "refsource": "MISC", "tags": ["Vendor Advisory"]}]}

{"checkpoint_advisories": [{"lastseen": "2022-06-15T16:06:30", "description": "A heap overflow vulnerability exists in Aruba ArubaOS devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T00:00:00", "type": "checkpoint_advisories", "title": "Aruba ArubaOS Heap Overflow (CVE-2022-23677)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23677"], "modified": "2022-06-15T00:00:00", "id": "CPAI-2022-0252", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:39:25", "description": "[![Aruba and Avaya Network Switches](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEifhl02wSBK-MpEbMvpMyBUw_fJSRVjj5iP6VcIt7Z53t09RvVgDURrcKQ-9GKA1wb0yWO2M_L3XQ9Y6QxAJ2AS7KUc-MgyUDZCIxylvaGqhPEmoc5d-q4X1L_ruyh6q_3d3VnXfgvyKp-4hI2eohjJcGCbpZYWwQ_sXY9ujZJa4PWm20XWvzqiqJcg/s728-e1000/hack.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEifhl02wSBK-MpEbMvpMyBUw_fJSRVjj5iP6VcIt7Z53t09RvVgDURrcKQ-9GKA1wb0yWO2M_L3XQ9Y6QxAJ2AS7KUc-MgyUDZCIxylvaGqhPEmoc5d-q4X1L_ruyh6q_3d3VnXfgvyKp-4hI2eohjJcGCbpZYWwQ_sXY9ujZJa4PWm20XWvzqiqJcg/s728-e100/hack.jpg>)\n\nCybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information.\n\nThe findings follow the March disclosure of [TLStorm](<https://thehackernews.com/2022/03/critical-bugs-could-let-attackers.html>), a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take over control and, worse, physically damage the appliances.\n\nIoT security firm Armis, which uncovered the shortcomings, noted that the design flaws can be traced back to a common source: a misuse of [NanoSSL](<https://www.mocana.com/hubfs/pages-resources/datasheets/datasheet-Mocana-NanoSSL.pdf>), a standards-based SSL developer suite from Mocana, a DigiCert subsidiary.\n\nThe new set of flaws, dubbed [**TLStorm 2.0**](<https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/>), renders Aruba and Avaya network switches vulnerable to remote code execution vulnerabilities, enabling an adversary to commandeer the devices, move laterally across the network, and exfiltrate sensitive data.\n\nAffected devices include Avaya ERS3500 Series, ERS3600 Series, ERS4900 Series, and ERS5900 Series as well as Aruba 5400R Series, 3810 Series, 2920 Series, 2930F Series, 2930M Series, 2530 Series, and 2540 Series.\n\nArmis chalked up the flaws to an \"edge case,\" a failure to adhere to guidelines pertaining to the NanoSSL library that could result in remote code execution. The list of bugs is as follows -\n\n * **CVE-2022-23676** (CVSS score: 9.1) - Two memory corruption vulnerabilities in the [RADIUS](<https://www.arubanetworks.com/techdocs/ClearPass/6.7/PolicyManager/index.htm#CPPM_UserGuide/PolicySim/PS_RADIUS.htm>) client implementation of Aruba switches\n * **CVE-2022-23677** (CVSS score: 9.0) - NanoSSL misuse on multiple interfaces in Aruba switches\n * **CVE-2022-29860** (CVSS score: 9.8) - TLS reassembly heap overflow vulnerability in Avaya switches\n * **CVE-2022-29861** (CVSS score: 9.8) - HTTP header parsing stack overflow vulnerability in Avaya switches\n * HTTP POST request handling heap overflow vulnerability in a discontinued Avaya product line (no CVE)\n\nEven more concerningly, the vulnerabilities found in Avaya switches are [zero-click](<https://en.wikipedia.org/wiki/Exploit_\\(computer_security\\)#Zero-click>), meaning they can be activated via unauthenticated network packets without any user interaction.\n\n\"These research findings are significant as they highlight that the network infrastructure itself is at risk and exploitable by attackers, meaning that network segmentation alone is no longer sufficient as a security measure,\" Barak Hadad, head of research in engineering at Armis, said. \n\nOrganizations deploying impacted Avaya and Aruba devices are highly recommended to apply the patches to mitigate any potential exploit attempts.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-05-03T14:14:00", "type": "thn", "title": "Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-23676", "CVE-2022-23677", "CVE-2022-29860", "CVE-2022-29861"], "modified": "2022-05-04T07:33:27", "id": "THN:741ACCA5AD5A53FB5508E5155665FB79", "href": "https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}

CVE-2022-23677

Description

Affected Software

Related