CVE-2023-39268
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.0%
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hpe | arubaos-switch | * | cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:* |
| arubanetworks | aruba_2530 | - | cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2530ya | - | cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2530yb | - | cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2540 | - | cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2920 | - | cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2930f | - | cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_2930m | - | cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_3810m | - | cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:* |
| arubanetworks | aruba_5406r_zl2 | - | cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.0%