fkie_nvd - fkie_cve-2023-22768

fkie_cve-2023-22768

Vulnerability from fkie_nvd

Published

2023-03-01 08:15

Modified

2024-11-21 07:45

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

References

	URL	Tags
	security-alert@hpe.com	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	7010	-
arubanetworks	7030	-
arubanetworks	7205	-
arubanetworks	7210	-
arubanetworks	7220	-
arubanetworks	7240xm	-
arubanetworks	7280	-
arubanetworks	9004	-
arubanetworks	9004-lte	-
arubanetworks	9012	-
arubanetworks	mc-va-10	-
arubanetworks	mc-va-1k	-
arubanetworks	mc-va-250	-
arubanetworks	mc-va-50	-
arubanetworks	mcr-hw-10k	-
arubanetworks	mcr-hw-1k	-
arubanetworks	mcr-hw-5k	-
arubanetworks	mcr-va-10k	-
arubanetworks	mcr-va-1k	-
arubanetworks	mcr-va-50	-
arubanetworks	mcr-va-500	-
arubanetworks	mcr-va-5k	-
arubanetworks	sd-wan	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
              "versionEndIncluding": "8.6.0.19",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
              "versionEndIncluding": "8.10.0.4",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
              "versionEndIncluding": "10.3.1.0",
              "versionStartIncluding": "10.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
              "versionEndIncluding": "8.7.0.0-2.3.0.8",
              "versionStartIncluding": "8.7.0.0-2.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
    }
  ],
  "id": "CVE-2023-22768",
  "lastModified": "2024-11-21T07:45:23.337",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-01T08:15:13.833",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-22768 (GCVE-0-2023-22768)

Vulnerability from cvelistv5

Published

2023-02-28 16:49

Modified

2025-03-07 18:03

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

References

URL

Tags

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt