CVE-2023-39268

A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS v3 4.5 MEDIUM

4.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt	Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::

OR	cpe:2.3:h:arubanetworks:aruba_2530:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2530ya:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2530yb:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2540:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2920:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2930f:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2930m:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_3810m:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:::::::*

History

21 Nov 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-29 20:15

Updated : 2024-11-21 08:15

NVD link : CVE-2023-39268

Mitre link : CVE-2023-39268

CVE.ORG link : CVE-2023-39268

JSON object : View

Products Affected

arubanetworks

aruba_2930m
aruba_5406r_zl2
aruba_5412r_zl2
aruba_3810m
aruba_2920
aruba_2530ya
aruba_2930f
aruba_2530
aruba_2530yb
aruba_2540

hpe

arubaos-switch

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-39268", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-29T20:15:09.830", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."}, {"lang": "es", "value": "Una vulnerabilidad de corrupci\u00f3n de memoria en ArubaOS-Switch podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado al recibir paquetes especialmente manipulados. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."}], "lastModified": "2024-11-21T08:15:01.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD", "versionEndExcluding": "a.15.16.0026"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9", "versionEndExcluding": "16.04.0027", "versionStartIncluding": "16.01.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0", "versionEndExcluding": "16.08.0027", "versionStartIncluding": "16.05.0000"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039", "versionEndExcluding": "16.10.0024", "versionStartIncluding": "16.10.0001"}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4", "versionEndExcluding": "16.11.0013", "versionStartIncluding": "16.11.0001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0"}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}