Lucene search

[email protected]CVE-2023-35971

HistoryJul 05, 2023 - 3:15 p.m.

CVE-2023-35971

2023-07-0515:15:09

CWE-79

[email protected]

web.nvd.nist.gov

arubaos

vulnerability

web-based management

remote attackers

stored xss

nvd

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.3%

JSON

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.

Affected configurations

NVD

Node

arubanetworksmc-va-10Match-

arubanetworksmc-va-1kMatch-

arubanetworksmc-va-250Match-

arubanetworksmc-va-50Match-

arubanetworksmcr-va-10kMatch-

arubanetworksmcr-va-1kMatch-

arubanetworksmcr-va-50Match-

arubanetworksmcr-va-500Match-

arubanetworksmcr-va-5kMatch-

arubanetworkssd-wanMatch-

arubanetworksmcr-hw-10kMatch-

arubanetworksmcr-hw-1kMatch-

arubanetworksmcr-hw-5kMatch-

AND

arubanetworksarubaosRange6.5.4.0–8.6.0.21

arubanetworksarubaosRange8.7.0.0–8.10.0.7

arubanetworksarubaosRange8.11.0.0–8.11.1.1

arubanetworksarubaosRange10.4.0.0–10.4.0.2

CPENameOperatorVersion
arubanetworks:arubaosarubanetworks arubaoslt8.6.0.21
arubanetworks:arubaosarubanetworks arubaoslt8.10.0.7
arubanetworks:arubaosarubanetworks arubaoslt8.11.1.1
arubanetworks:arubaosarubanetworks arubaoslt10.4.0.2

CPE	Name	Operator	Version
arubanetworks:arubaos	arubanetworks arubaos	lt	8.6.0.21
arubanetworks:arubaos	arubanetworks arubaos	lt	8.10.0.7
arubanetworks:arubaos	arubanetworks arubaos	lt	8.11.1.1
arubanetworks:arubaos	arubanetworks arubaos	lt	10.4.0.2

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "- ArubaOS 10.4.x.x:       10.4.0.1 and below"
      },
      {
        "status": "affected",
        "version": "- ArubaOS 8.11.x.x:       8.11.1.0 and below"
      },
      {
        "status": "affected",
        "version": "- ArubaOS 8.10.x.x:       8.10.0.6 and below"
      },
      {
        "status": "affected",
        "version": "- ArubaOS 8.6.x.x:         8.6.0.20 and below"
      }
    ]
  }
]