Lucene search

HpeCVELIST:CVE-2023-3718

HistoryAug 01, 2023 - 6:25 p.m.

CVE-2023-3718 Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface

2023-08-0118:25:10

hpe

www.cve.org

cve-2023-3718

aos-cx

command injection

vulnerability

operating system

switch

privileged user

exploitation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

32.5%

JSON

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "AOS-CX"
    ],
    "product": "Aruba CX Switches",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "AOS-CX 10.11.xxxx: 10.11.1010 and below"
      },
      {
        "status": "affected",
        "version": "AOS-CX 10.10.xxxx: 10.10.1050 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

32.5%

JSON

Related for CVELIST:CVE-2023-3718