CVE-2023-30510

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::

History

07 Jul 2023, 15:15

Type	Values Removed	Values Added
References	{'url': 'https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-0007.txt', 'name': 'https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-0007.txt', 'tags': ['Broken Link', 'Vendor Advisory'], 'refsource': 'MISC'}	(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt -

25 May 2023, 15:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CPE		cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
References	~~(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-0007.txt -~~	(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-0007.txt - Broken Link, Vendor Advisory
CWE		NVD-CWE-noinfo

16 May 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-16 19:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-30510

Mitre link : CVE-2023-30510

CVE.ORG link : CVE-2023-30510

JSON object : View

Products Affected

arubanetworks

edgeconnect_enterprise

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-30510", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}]}, "published": "2023-05-16T19:15:10.140", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt", "source": "security-alert@hpe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance."}], "lastModified": "2023-07-07T15:15:10.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743", "versionEndIncluding": "9.0.8.0"}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B", "versionEndIncluding": "9.1.5.0", "versionStartIncluding": "9.1.0.0"}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154", "versionEndIncluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}