CVE-2022-23676

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

CVSS v3 9.8 CRITICAL
CVSS v2.0 9.3 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt	Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::

cpe:2.3:h:arubanetworks:5406r:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::

cpe:2.3:h:arubanetworks:3810m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::

cpe:2.3:h:arubanetworks:2920:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::

cpe:2.3:h:arubanetworks:2930f:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::

cpe:2.3:h:arubanetworks:2930m:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::

cpe:2.3:h:arubanetworks:2530:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::

cpe:2.3:h:arubanetworks:2540:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::

cpe:2.3:h:arubanetworks:5412r:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::

cpe:2.3:h:arubanetworks:2615:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::

cpe:2.3:h:arubanetworks:2620:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::

cpe:2.3:h:arubanetworks:2915:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type	Values Removed	Values Added
References	~~() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt - Vendor Advisory~~	() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt - Vendor Advisory

25 May 2022, 17:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 9.8
CPE		cpe:2.3:h:arubanetworks:3810m:-:::::::* cpe:2.3:h:arubanetworks:2915:-:::::::* cpe:2.3:h:arubanetworks:2930m:-:::::::* cpe:2.3:o:arubanetworks:2530_firmware:::::::: cpe:2.3:h:arubanetworks:5412r:-:::::::* cpe:2.3:o:arubanetworks:2915_firmware:::::::: cpe:2.3:h:arubanetworks:5406r:-:::::::* cpe:2.3:h:arubanetworks:2615:-:::::::* cpe:2.3:h:arubanetworks:2540:-:::::::* cpe:2.3:h:arubanetworks:2930f:-:::::::* cpe:2.3:o:arubanetworks:2930m_firmware:::::::: cpe:2.3:h:arubanetworks:2530:-:::::::* cpe:2.3:o:arubanetworks:2540_firmware:::::::: cpe:2.3:o:arubanetworks:2615_firmware:::::::: cpe:2.3:o:arubanetworks:2920_firmware:::::::: cpe:2.3:o:arubanetworks:5406r_firmware:::::::: cpe:2.3:o:arubanetworks:3810m_firmware:::::::: cpe:2.3:o:arubanetworks:5412r_firmware:::::::: cpe:2.3:o:arubanetworks:2620_firmware:::::::: cpe:2.3:h:arubanetworks:2920:-:::::::* cpe:2.3:o:arubanetworks:2930f_firmware:::::::: cpe:2.3:h:arubanetworks:2620:-:::::::*
CWE		CWE-787
References	~~(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt -~~	(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt - Vendor Advisory

10 May 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-10 19:15

Updated : 2024-11-21 06:49

NVD link : CVE-2022-23676

Mitre link : CVE-2022-23676

CVE.ORG link : CVE-2022-23676

JSON object : View

Products Affected

arubanetworks

2620
2530
2930f_firmware
2930m_firmware
2615_firmware
2915
2620_firmware
2920_firmware
2930f
2930m
5412r_firmware
2615
5406r
5412r
2540
2920
2540_firmware
3810m_firmware
5406r_firmware
2530_firmware
3810m
2915_firmware

CWE

CWE-787

Out-of-bounds Write

9.8 /10