An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
Summary | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. |
04 Mar 2023, 03:11
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
CWE | CWE-22 | |
CPE | cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:* |
|
First Time |
Arubanetworks mc-va-10
Arubanetworks mcr-hw-10k Arubanetworks mcr-hw-1k Arubanetworks 7205 Arubanetworks 7240xm Arubanetworks 7010 Arubanetworks 9012 Arubanetworks Arubanetworks sd-wan Arubanetworks 9004 Arubanetworks mcr-va-10k Arubanetworks 7210 Arubanetworks mc-va-1k Arubanetworks mc-va-50 Arubanetworks mcr-va-1k Arubanetworks 7220 Arubanetworks mc-va-250 Arubanetworks arubaos Arubanetworks 7280 Arubanetworks 7030 Arubanetworks mcr-hw-5k Arubanetworks mcr-va-50 Arubanetworks 9004-lte Arubanetworks mcr-va-5k Arubanetworks mcr-va-500 |
01 Mar 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-01 08:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22776
Mitre link : CVE-2023-22776
CVE.ORG link : CVE-2023-22776
JSON object : View
Products Affected
arubanetworks
- mcr-va-50
- mcr-hw-5k
- 7240xm
- mcr-va-1k
- 7030
- 9004
- mc-va-250
- mcr-va-10k
- arubaos
- 7010
- mcr-va-500
- 7205
- mcr-va-5k
- 7210
- mcr-hw-10k
- 9012
- mc-va-50
- sd-wan
- 9004-lte
- 7280
- mc-va-1k
- mcr-hw-1k
- 7220
- mc-va-10
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')