CVE-2023-22759 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface

🗓️ 28 Feb 2023 16:41:28Reported by hpeType

Authenticated Remote Command Execution in ArubaOS Web-based Management Interfac

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability in the web interface for operating systems ArubaOS exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.	6 Mar 202300:00	–	bdu_fstec
Circl	CVE-2023-22759	2 Mar 202310:44	–	circl
CNNVD	Aruba Networks ArubaOS 命令注入漏洞	1 Mar 202300:00	–	cnnvd
CVE	CVE-2023-22759	28 Feb 202316:41	–	cve
EUVD	EUVD-2023-26877	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Aruba Networks OS	2 Mar 202300:00	–	ncsc
NVD	CVE-2023-22759	1 Mar 202308:15	–	nvd
OSV	CVE-2023-22759	1 Mar 202308:15	–	osv
Prion	Command injection	1 Mar 202308:15	–	prion
Positive Technologies	PT-2023-1584 · Aruba · Arubaos	28 Feb 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "affected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 8.6.x.x:  8.6.0.19 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x:   8.10.0.4 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.3.x.x:  10.3.1.0 and below"
      },
      {
        "status": "affected",
        "version": "SD-WAN 8.7.0.0-2.3.0.x:  8.7.0.0-2.3.0.8 and below"
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt

01 Mar 2023 05:45Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.2

EPSS0.01618