A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
12 Sep 2022, 14:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-668 | |
First Time |
Arubanetworks cx 6000
Arubanetworks cx 6400 Arubanetworks cx 8360 Arubanetworks cx 4100i Arubanetworks Arubanetworks cx 8400 Arubanetworks cx 6300 Arubanetworks cx 10000 Arubanetworks cx 8320 Arubanetworks cx 8325 Arubanetworks cx 9300 Arubanetworks aos-cx Arubanetworks cx 6200f Arubanetworks cx 6100 |
|
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt - Vendor Advisory | |
CPE | cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23690
Mitre link : CVE-2022-23690
CVE.ORG link : CVE-2022-23690
JSON object : View
Products Affected
arubanetworks
- cx_10000
- cx_8320
- cx_4100i
- cx_6100
- cx_6300
- cx_8400
- aos-cx
- cx_8325
- cx_8360
- cx_6400
- cx_6000
- cx_6200f
- cx_9300
CWE