Lucene search

HpeCVE-2023-1168

HistoryMar 22, 2023 - 6:15 a.m.

CVE-2023-1168

2023-03-2206:15:09

hpe

web.nvd.nist.gov

cve-2023-1168

authenticated

remote code execution

vulnerability

aos-cx

network analytics engine

nvd

exploit

arbitrary code

privileged user

operating system

compromise

switch

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

54.2%

JSON

An authenticated remote code execution vulnerability
exists in the AOS-CX Network Analytics Engine. Successful
exploitation of this vulnerability results in the ability to
execute arbitrary code as a privileged user on the underlying
operating system, leading to a complete compromise of the
switch running AOS-CX.

Affected configurations

Nvd

Node

hpearubaos-cxRange10.06.0000–10.06.0240

hpearubaos-cxRange10.08.0000–10.08.1070

hpearubaos-cxRange10.09.0000–10.09.1020

hpearubaos-cxRange10.10.0000–10.10.1030

AND

hpearuba_cx_10000-48y6Match-

hpearuba_cx_6200f_48gMatch-

hpearuba_cx_6200m_24gMatch-

hpearuba_cx_6300m_24pMatch-

hpearuba_cx_6300m_48gMatch-

hpearuba_cx_6405Match-

hpearuba_cx_6410Match-

hpearuba_cx_8320-32Match-

hpearuba_cx_8320-48pMatch-

hpearuba_cx_8325-32cMatch-

hpearuba_cx_8325-48y8cMatch-

hpearuba_cx_8360-12cMatch-

hpearuba_cx_8360-16y2cMatch-

hpearuba_cx_8360-24xf2cMatch-

hpearuba_cx_8360-32y4cMatch-

hpearuba_cx_8360-48xt4cMatch-

hpearuba_cx_8360-48y6cMatch-

hpearuba_cx_8400Match-

hpearuba_cx_9300_32dMatch-

VendorProductVersionCPE
hpearubaos-cx*cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
hpearuba_cx_10000-48y6-cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:*
hpearuba_cx_6200f_48g-cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:*
hpearuba_cx_6200m_24g-cpe:2.3:h:hpe:aruba_cx_6200m_24g:-:*:*:*:*:*:*:*
hpearuba_cx_6300m_24p-cpe:2.3:h:hpe:aruba_cx_6300m_24p:-:*:*:*:*:*:*:*
hpearuba_cx_6300m_48g-cpe:2.3:h:hpe:aruba_cx_6300m_48g:-:*:*:*:*:*:*:*
hpearuba_cx_6405-cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*
hpearuba_cx_6410-cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*
hpearuba_cx_8320-32-cpe:2.3:h:hpe:aruba_cx_8320-32:-:*:*:*:*:*:*:*
hpearuba_cx_8320-48p-cpe:2.3:h:hpe:aruba_cx_8320-48p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hpe	arubaos-cx	*	cpe:2.3:o:hpe:arubaos-cx::::::::
hpe	aruba_cx_10000-48y6	-	cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:::::::*
hpe	aruba_cx_6200f_48g	-	cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:::::::*
hpe	aruba_cx_6200m_24g	-	cpe:2.3:h:hpe:aruba_cx_6200m_24g:-:::::::*
hpe	aruba_cx_6300m_24p	-	cpe:2.3:h:hpe:aruba_cx_6300m_24p:-:::::::*
hpe	aruba_cx_6300m_48g	-	cpe:2.3:h:hpe:aruba_cx_6300m_48g:-:::::::*
hpe	aruba_cx_6405	-	cpe:2.3:h:hpe:aruba_cx_6405:-:::::::*
hpe	aruba_cx_6410	-	cpe:2.3:h:hpe:aruba_cx_6410:-:::::::*
hpe	aruba_cx_8320-32	-	cpe:2.3:h:hpe:aruba_cx_8320-32:-:::::::*
hpe	aruba_cx_8320-48p	-	cpe:2.3:h:hpe:aruba_cx_8320-48p:-:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "AOS-CX"
    ],
    "product": "Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "AOS-CX 10.10.xxxx: 10.10.1020 and below."
      },
      {
        "status": "affected",
        "version": "AOS-CX 10.09.xxxx: 10.09.1020 and below."
      },
      {
        "status": "affected",
        "version": "AOS-CX 10.08.xxxx: 10.08.1070 and below."
      },
      {
        "status": "affected",
        "version": "AOS-CX 10.06.xxxx: 10.06.0230 and below."
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

54.2%

JSON

Related for CVE-2023-1168