AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
12 Sep 2022, 19:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Arubanetworks cx 6000
Arubanetworks cx 6400 Arubanetworks cx 8360 Arubanetworks cx 4100i Arubanetworks Arubanetworks cx 8400 Arubanetworks cx 6300 Arubanetworks cx 10000 Arubanetworks cx 8320 Arubanetworks cx 8325 Arubanetworks cx 9300 Arubanetworks aos-cx Arubanetworks cx 6200f Arubanetworks cx 6100 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* |
|
CWE | CWE-352 | |
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt - Vendor Advisory |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23680
Mitre link : CVE-2022-23680
CVE.ORG link : CVE-2022-23680
JSON object : View
Products Affected
arubanetworks
- cx_8360
- cx_6200f
- cx_6400
- cx_6300
- cx_6000
- cx_8320
- cx_9300
- cx_4100i
- cx_8400
- cx_8325
- cx_6100
- cx_10000
- aos-cx
CWE
CWE-352
Cross-Site Request Forgery (CSRF)