Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. Affected ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
History
12 Sep 2022, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* | |
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt - Vendor Advisory | |
First Time | Arubanetworks cx 6000, Arubanetworks cx 6400, Arubanetworks cx 8360, Arubanetworks cx 4100i, Arubanetworks, Arubanetworks cx 8400, Arubanetworks cx 6300, Arubanetworks cx 10000, Arubanetworks cx 8320, Arubanetworks cx 8325, Arubanetworks cx 9300, Arubanetworks aos-cx, Arubanetworks cx 6200f, Arubanetworks cx 6100 | |
CWE | CWE-78 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.2 |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23683
Mitre link : CVE-2022-23683
CVE.ORG link : CVE-2022-23683
Products Affected
arubanetworks
- cx_8360
- cx_6200f
- cx_6400
- cx_6300
- cx_6000
- cx_8320
- cx_9300
- cx_4100i
- cx_8400
- cx_8325
- cx_6100
- cx_10000
- aos-cx
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')