CVE-2023-39266

{"id": "CVE-2023-39266", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2023-08-29T20:15:09.637", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de ArubaOS-Switch podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz, siempre que ciertas opciones de configuraci\u00f3n est\u00e9n presentes. Un exploit exitoso podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de la v\u00edctima en el contexto de la interfaz afectada."}], "lastModified": "2023-09-11T13:38:57.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD", "versionEndExcluding": "a.15.16.0026"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9", "versionEndExcluding": "16.04.0027", "versionStartIncluding": "16.01.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0", "versionEndExcluding": "16.08.0027", "versionStartIncluding": "16.05.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039", "versionEndExcluding": "16.10.0024", "versionStartIncluding": "16.10.0001"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4", "versionEndExcluding": "16.11.0013", "versionStartIncluding": "16.11.0001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}