PT-2023-26466 · Aruba · Aruba 9200 Series Gateways+3

Nicholas Starke

Publicado

2023-09-06

Atualizado

2024-09-26

CVE-2023-38486

CVSS v3.1

7.7

Alta

Vetor

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Aruba 9200 and 9000 Series Controllers and Gateways (affected versions not specified)

Description A vulnerability in the secure boot implementation allows an attacker to bypass security controls, which would normally prohibit unsigned kernel images from executing. This enables the attacker to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2023-38486

Produtos afetados

Aruba 9000 Series Controllers

Aruba 9000 Series Gateways

Aruba 9200 Series Controllers

Aruba 9200 Series Gateways

PT-2023-26466 · Aruba · Aruba 9200 Series Gateways+3

CVE-2023-38486

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9