An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
References
| Link | Resource |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Aug 2023, 17:08
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CWE | CWE-77 | |
| First Time |
Hpe aruba Cx 8400
Hpe aruba Cx 8320-48p Hpe aruba Cx 6000 12g Hpe aruba Cx 6000 48g Hpe arubaos-cx Hpe aruba Cx 8325-48y8c Hpe aruba Cx 8360-48y6c Hpe Hpe aruba Cx 6405 Hpe aruba Cx 8360-12c Hpe aruba Cx 6300m 24p Hpe aruba Cx 6200m Hpe aruba Cx 6200f 48g Hpe aruba Cx 9300 32d Hpe aruba Cx 6200f Hpe aruba Cx 6000 24g Hpe aruba Cx 6300m 48g Hpe aruba Cx 4100i Hpe aruba Cx 6100 Hpe aruba Cx 6200m 24g Hpe aruba Cx 8360-24xf2c Hpe aruba Cx 8360-32y4c Hpe aruba Cx 8325-32c Hpe aruba Cx 8320-32 Hpe aruba Cx 8360-16y2c Hpe aruba Cx 8360-48xt4c Hpe aruba Cx 6410 Hpe aruba Cx 10000-48y6 |
|
| References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt - Mitigation, Vendor Advisory | |
| CPE | cpe:2.3:h:hpe:aruba_cx_6300m_48g:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8320-48p:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6200m_24g:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6000_24g:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6200f_48g:-:*:*:*:*:*:*:* cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8320-32:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_9300_32d:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6300m_24p:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6000_12g:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_6000_48g:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_10000-48y6:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:* |
01 Aug 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-01 19:15
Updated : 2023-08-08 17:08
NVD link : CVE-2023-3718
Mitre link : CVE-2023-3718
JSON object : View
Products Affected
hpe
- aruba_cx_6000_24g
- aruba_cx_6200f
- aruba_cx_6410
- aruba_cx_8360-12c
- aruba_cx_8320-48p
- aruba_cx_8400
- aruba_cx_8325-32c
- aruba_cx_6200m
- aruba_cx_8360-32y4c
- aruba_cx_6300m_24p
- aruba_cx_6100
- aruba_cx_6000_48g
- aruba_cx_10000-48y6
- aruba_cx_4100i
- arubaos-cx
- aruba_cx_8360-48y6c
- aruba_cx_8360-48xt4c
- aruba_cx_6300m_48g
- aruba_cx_6200m_24g
- aruba_cx_6000_12g
- aruba_cx_9300_32d
- aruba_cx_8360-24xf2c
- aruba_cx_8320-32
- aruba_cx_6405
- aruba_cx_6200f_48g
- aruba_cx_8360-16y2c
- aruba_cx_8325-48y8c
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')