Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
21 Nov 2024, 06:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt - Vendor Advisory |
12 Sep 2022, 18:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_4100i:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6000:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6100:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt - Vendor Advisory | |
CWE | CWE-78 |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2024-11-21 06:49
NVD link : CVE-2022-23681
Mitre link : CVE-2022-23681
CVE.ORG link : CVE-2022-23681
JSON object : View
Products Affected
arubanetworks
- cx_9300
- cx_6000
- cx_10000
- cx_6200f
- aos-cx
- cx_8325
- cx_6300
- cx_6400
- cx_6100
- cx_8360
- cx_4100i
- cx_8400
- cx_8320
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')