CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.1%
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Vendor | Product | Version | CPE |
---|---|---|---|
arubanetworks | aos-cx | * | cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* |
arubanetworks | cx_10000 | - | cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* |
arubanetworks | cx_8325 | - | cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* |
arubanetworks | cx_8320 | - | cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* |
arubanetworks | cx_9300 | - | cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:* |
arubanetworks | cx_8360 | - | cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:* |
arubanetworks | cx_6400 | - | cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:* |
arubanetworks | cx_6300 | - | cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:* |
arubanetworks | cx_6200f | - | cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:* |
arubanetworks | cx_6100 | - | cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:* |
[
{
"product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
}
]
}
]
More