Vulnerabilities (CVE)

Filtered by vendor Hpe Subscribe
Filtered by product Aruba Cx 4100i
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-20001 6 Balasys, F5, Hpe and 3 more 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more 2024-04-23 5.0 MEDIUM 7.5 HIGH
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVE-2023-3718 1 Hpe 27 Aruba Cx 10000-48y6, Aruba Cx 4100i, Aruba Cx 6000 12g and 24 more 2024-02-05 N/A 8.8 HIGH
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.