Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
12 Sep 2022, 18:03
Type | Values Removed | Values Added |
---|---|---|
First Time |
Arubanetworks cx 6000
Arubanetworks cx 6400 Arubanetworks cx 8360 Arubanetworks cx 4100i Arubanetworks Arubanetworks cx 8400 Arubanetworks cx 6300 Arubanetworks cx 10000 Arubanetworks cx 8320 Arubanetworks cx 8325 Arubanetworks cx 9300 Arubanetworks aos-cx Arubanetworks cx 6200f Arubanetworks cx 6100 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-78 | |
CPE | cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt - Vendor Advisory |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23681
Mitre link : CVE-2022-23681
CVE.ORG link : CVE-2022-23681
JSON object : View
Products Affected
arubanetworks
- cx_10000
- cx_8320
- cx_4100i
- cx_6100
- cx_6300
- cx_8400
- aos-cx
- cx_8325
- cx_8360
- cx_6400
- cx_6000
- cx_6200f
- cx_9300
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')