Lucene search

[email protected]NVD:CVE-2023-38485

HistorySep 06, 2023 - 6:15 p.m.

CVE-2023-38485

2023-09-0618:15:08

CWE-787

[email protected]

web.nvd.nist.gov

aruba 9200 9000 series controllers gateways bios vulnerability execute arbitrary code early boot sequence gain access change sensitive information system compromise

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.

Affected configurations

NVD

Node

arubanetworksarubaosRange8.6.0.0–8.6.0.22

arubanetworksarubaosRange8.10.0.0–8.10.0.7

arubanetworksarubaosRange8.11.0.0–8.11.1.1

arubanetworksarubaosRange10.4.0.0–10.4.0.2

AND

arubanetworks9004Match-

arubanetworks9004-lteMatch-

arubanetworks9012Match-

arubanetworks9240Match-

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-38485

cve1 cvelist1 prion1