Lucene search

[email protected]NVD:CVE-2023-35978

HistoryJul 05, 2023 - 3:15 p.m.

CVE-2023-35978

2023-07-0515:15:09

CWE-79

[email protected]

web.nvd.nist.gov

arubaos

vulnerability

remote attacker

xss

attack

web-based management interface

execute arbitrary script code

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

30.1%

JSON

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.

Affected configurations

Nvd

Node

arubanetworksarubaosRange6.5.4.0–8.6.0.21

arubanetworksarubaosRange8.7.0.0–8.10.0.7

arubanetworksarubaosRange8.11.0.0–8.11.1.1

arubanetworksarubaosRange10.4.0.0–10.4.0.2

AND

arubanetworksmc-va-10Match-

arubanetworksmc-va-1kMatch-

arubanetworksmc-va-250Match-

arubanetworksmc-va-50Match-

arubanetworksmcr-va-10kMatch-

arubanetworksmcr-va-1kMatch-

arubanetworksmcr-va-50Match-

arubanetworksmcr-va-500Match-

arubanetworksmcr-va-5kMatch-

arubanetworkssd-wanMatch-

arubanetworksmcr-hw-10kMatch-

arubanetworksmcr-hw-1kMatch-

arubanetworksmcr-hw-5kMatch-

VendorProductVersionCPE
arubanetworksarubaos*cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
arubanetworksmc-va-10-cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*
arubanetworksmc-va-1k-cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*
arubanetworksmc-va-250-cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*
arubanetworksmc-va-50-cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*
arubanetworksmcr-va-10k-cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*
arubanetworksmcr-va-1k-cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*
arubanetworksmcr-va-50-cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*
arubanetworksmcr-va-500-cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*
arubanetworksmcr-va-5k-cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	arubaos	*	cpe:2.3:o:arubanetworks:arubaos::::::::
arubanetworks	mc-va-10	-	cpe:2.3:a:arubanetworks:mc-va-10:-:::::::*
arubanetworks	mc-va-1k	-	cpe:2.3:a:arubanetworks:mc-va-1k:-:::::::*
arubanetworks	mc-va-250	-	cpe:2.3:a:arubanetworks:mc-va-250:-:::::::*
arubanetworks	mc-va-50	-	cpe:2.3:a:arubanetworks:mc-va-50:-:::::::*
arubanetworks	mcr-va-10k	-	cpe:2.3:a:arubanetworks:mcr-va-10k:-:::::::*
arubanetworks	mcr-va-1k	-	cpe:2.3:a:arubanetworks:mcr-va-1k:-:::::::*
arubanetworks	mcr-va-50	-	cpe:2.3:a:arubanetworks:mcr-va-50:-:::::::*
arubanetworks	mcr-va-500	-	cpe:2.3:a:arubanetworks:mcr-va-500:-:::::::*
arubanetworks	mcr-va-5k	-	cpe:2.3:a:arubanetworks:mcr-va-5k:-:::::::*

Rows per page:

1-10 of 141

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

30.1%

JSON

Related for NVD:CVE-2023-35978

cvelist1 cve1 prion1 nessus1