Lucene search
HpeCVE-2023-39267HistoryAug 29, 2023 - 8:15 p.m.
CVE-2023-39267
2023-08-2920:15:09
hpe
web.nvd.nist.gov
30
cve-2023-39267
arubaos-switch
rce
dos
vulnerability
nvd
CVSS3
6.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
48.2%
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
Affected configurations
Node
hpearubaos-switchRange<a.15.16.0026
ORhpearubaos-switchRange16.01.0000–16.04.0027
ORhpearubaos-switchRange16.05.0000–16.08.0027
ORhpearubaos-switchRange16.10.0001–16.10.0024
ORhpearubaos-switchRange16.11.0001–16.11.0013
arubanetworksaruba_2530Match-
ORarubanetworksaruba_2530yaMatch-
ORarubanetworksaruba_2530ybMatch-
ORarubanetworksaruba_2540Match-
ORarubanetworksaruba_2920Match-
ORarubanetworksaruba_2930fMatch-
ORarubanetworksaruba_2930mMatch-
ORarubanetworksaruba_3810mMatch-
ORarubanetworksaruba_5406r_zl2Match-
ORarubanetworksaruba_5412r_zl2Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hpe | arubaos-switch | * | cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:* |
| arubanetworks | aruba_2530 | - | cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2530ya | - | cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2530yb | - | cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2540 | - | cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2920 | - | cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2930f | - | cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2930m | - | cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_3810m | - | cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_5406r_zl2 | - | cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "ArubaOS-Switch",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.09.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.07.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.06.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.05.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.03.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.02.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 16.01.xxxx: All versions."
},
{
"status": "affected",
"version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
}
]
}
]Related
prion
prion
Remote code execution
2023-08-29 20:15:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-39267
2023-08-29 20:15:09
cvelist
cvelist
CVSS3
6.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
48.2%
Related for CVE-2023-39267