Lucene search

[email protected]NVD:CVE-2023-3718

HistoryAug 01, 2023 - 7:15 p.m.

CVE-2023-3718

2023-08-0119:15:09

CWE-77

[email protected]

web.nvd.nist.gov

authenticated

vulnerability

aos-cx

command injection

os compromise

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.5%

JSON

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

Affected configurations

Nvd

Node

hpearubaos-cxRange10.10.0000–10.10.1050

hpearubaos-cxRange10.11.0000–10.11.1010

AND

hpearuba_cx_10000-48y6Match-

hpearuba_cx_4100iMatch-

hpearuba_cx_6000_12gMatch-

hpearuba_cx_6000_24gMatch-

hpearuba_cx_6000_48gMatch-

hpearuba_cx_6100Match-

hpearuba_cx_6200fMatch-

hpearuba_cx_6200f_48gMatch-

hpearuba_cx_6200mMatch-

hpearuba_cx_6200m_24gMatch-

hpearuba_cx_6300m_24pMatch-

hpearuba_cx_6300m_48gMatch-

hpearuba_cx_6405Match-

hpearuba_cx_6410Match-

hpearuba_cx_8320-32Match-

hpearuba_cx_8320-48pMatch-

hpearuba_cx_8325-32cMatch-

hpearuba_cx_8325-48y8cMatch-

hpearuba_cx_8360-12cMatch-

hpearuba_cx_8360-16y2cMatch-

hpearuba_cx_8360-24xf2cMatch-

hpearuba_cx_8360-32y4cMatch-

hpearuba_cx_8360-48xt4cMatch-

hpearuba_cx_8360-48y6cMatch-

hpearuba_cx_8400Match-

hpearuba_cx_9300_32dMatch-

VendorProductVersionCPE
hpearubaos-cx*cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
hpearuba_cx_10000-48y6-cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:*
hpearuba_cx_4100i-cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*
hpearuba_cx_6000_12g-cpe:2.3:h:hpe:aruba_cx_6000_12g:-:*:*:*:*:*:*:*
hpearuba_cx_6000_24g-cpe:2.3:h:hpe:aruba_cx_6000_24g:-:*:*:*:*:*:*:*
hpearuba_cx_6000_48g-cpe:2.3:h:hpe:aruba_cx_6000_48g:-:*:*:*:*:*:*:*
hpearuba_cx_6100-cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*
hpearuba_cx_6200f-cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*
hpearuba_cx_6200f_48g-cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:*
hpearuba_cx_6200m-cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hpe	arubaos-cx	*	cpe:2.3:o:hpe:arubaos-cx::::::::
hpe	aruba_cx_10000-48y6	-	cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:::::::*
hpe	aruba_cx_4100i	-	cpe:2.3:h:hpe:aruba_cx_4100i:-:::::::*
hpe	aruba_cx_6000_12g	-	cpe:2.3:h:hpe:aruba_cx_6000_12g:-:::::::*
hpe	aruba_cx_6000_24g	-	cpe:2.3:h:hpe:aruba_cx_6000_24g:-:::::::*
hpe	aruba_cx_6000_48g	-	cpe:2.3:h:hpe:aruba_cx_6000_48g:-:::::::*
hpe	aruba_cx_6100	-	cpe:2.3:h:hpe:aruba_cx_6100:-:::::::*
hpe	aruba_cx_6200f	-	cpe:2.3:h:hpe:aruba_cx_6200f:-:::::::*
hpe	aruba_cx_6200f_48g	-	cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:::::::*
hpe	aruba_cx_6200m	-	cpe:2.3:h:hpe:aruba_cx_6200m:-:::::::*

Rows per page:

1-10 of 271

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.5%

JSON

Related for NVD:CVE-2023-3718

prion1 cvelist1 cve1