CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
32.5%
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Vendor | Product | Version | CPE |
---|---|---|---|
hpe | arubaos-cx | * | cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* |
hpe | aruba_cx_10000-48y6 | - | cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:* |
hpe | aruba_cx_4100i | - | cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6000_12g | - | cpe:2.3:h:hpe:aruba_cx_6000_12g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6000_24g | - | cpe:2.3:h:hpe:aruba_cx_6000_24g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6000_48g | - | cpe:2.3:h:hpe:aruba_cx_6000_48g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6100 | - | cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6200f | - | cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6200f_48g | - | cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6200m | - | cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"platforms": [
"AOS-CX"
],
"product": "Aruba CX Switches",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "AOS-CX 10.11.xxxx: 10.11.1010 and below"
},
{
"status": "affected",
"version": "AOS-CX 10.10.xxxx: 10.10.1050 and below"
}
]
}
]