Lucene search

K
cve[email protected]CVE-2023-22776
HistoryMar 01, 2023 - 8:15 a.m.

CVE-2023-22776

2023-03-0108:15:14
CWE-22
web.nvd.nist.gov
22
cve-2023-22776
arubaos
command line interface
path traversal
vulnerability
authenticated
operating system
nvd

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

Affected configurations

NVD
Node
arubanetworksarubaosRange8.6.0.08.6.0.19
OR
arubanetworksarubaosRange8.10.0.08.10.0.4
OR
arubanetworksarubaosRange10.3.0.010.3.1.0
AND
arubanetworks7010Match-
OR
arubanetworks7030Match-
OR
arubanetworks7205Match-
OR
arubanetworks7210Match-
OR
arubanetworks7220Match-
OR
arubanetworks7240xmMatch-
OR
arubanetworks7280Match-
OR
arubanetworks9004Match-
OR
arubanetworks9004-lteMatch-
OR
arubanetworks9012Match-
OR
arubanetworksmc-va-10Match-
OR
arubanetworksmc-va-1kMatch-
OR
arubanetworksmc-va-250Match-
OR
arubanetworksmc-va-50Match-
OR
arubanetworksmcr-hw-10kMatch-
OR
arubanetworksmcr-hw-1kMatch-
OR
arubanetworksmcr-hw-5kMatch-
OR
arubanetworksmcr-va-10kMatch-
OR
arubanetworksmcr-va-1kMatch-
OR
arubanetworksmcr-va-50Match-
OR
arubanetworksmcr-va-500Match-
OR
arubanetworksmcr-va-5kMatch-
Node
arubanetworkssd-wanRange8.7.0.0-2.3.0.08.7.0.0-2.3.0.8

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 8.6.x.x:  8.6.0.19 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x:   8.10.0.4 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.3.x.x:  10.3.1.0 and below"
      },
      {
        "status": "affected",
        "version": "SD-WAN 8.7.0.0-2.3.0.x:  8.7.0.0-2.3.0.8 and below"
      }
    ]
  }
]

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

Related for CVE-2023-22776