CVE-2022-23681

2022-09-0617:18:53

hpe

www.cve.org

aos-cx

command injection

authenticated

arubaos-cx

switch compromise

security vulnerabilities

AI Score

8.5

Confidence

High

EPSS

Percentile

13.1%

JSON

Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.

CNA Affected

[
  {
    "product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below."
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt