An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
11 Jul 2023, 19:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
First Time |
Arubanetworks mcr-va-10k
Arubanetworks arubaos Arubanetworks mcr-hw-1k Arubanetworks mcr-va-1k Arubanetworks mcr-va-5k Arubanetworks mc-va-10 Arubanetworks sd-wan Arubanetworks mcr-va-500 Arubanetworks Arubanetworks mcr-hw-5k Arubanetworks mc-va-250 Arubanetworks mc-va-1k Arubanetworks mcr-va-50 Arubanetworks mc-va-50 Arubanetworks mcr-hw-10k |
|
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:* |
05 Jul 2023, 16:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-05 15:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-35975
Mitre link : CVE-2023-35975
CVE.ORG link : CVE-2023-35975
JSON object : View
Products Affected
arubanetworks
- mc-va-50
- mcr-hw-1k
- mcr-hw-5k
- mcr-va-10k
- mcr-va-500
- mcr-va-5k
- mc-va-10
- mcr-va-1k
- mc-va-1k
- arubaos
- mcr-hw-10k
- sd-wan
- mc-va-250
- mcr-va-50
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')