CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
32.5%
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Vendor | Product | Version | CPE |
---|---|---|---|
hpe | arubaos-cx | * | cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* |
hpe | aruba_cx_10000-48y6 | - | cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:* |
hpe | aruba_cx_4100i | - | cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6000_12g | - | cpe:2.3:h:hpe:aruba_cx_6000_12g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6000_24g | - | cpe:2.3:h:hpe:aruba_cx_6000_24g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6000_48g | - | cpe:2.3:h:hpe:aruba_cx_6000_48g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6100 | - | cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6200f | - | cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6200f_48g | - | cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:* |
hpe | aruba_cx_6200m | - | cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:* |