PT-2022-16188 · Aruba · ArubaOS-CX Switches
Published 2022-09-06 · Updated 2022-09-13
CVE-2022-23679
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ArubaOS-CX Switches versions 10.06.0200 and below
ArubaOS-CX Switches versions 10.08.1060 and below
ArubaOS-CX Switches versions 10.09.1020 and below
ArubaOS-CX Switches versions 10.10.0002 and below
Description
AOS-CX lacks anti-CSRF protections for state-changing operations. This could potentially allow an attacker to execute commands in the context of another user.
Recommendations
For versions 10.06.0200 and below, update to a version above 10.06.0200.
For versions 10.08.1060 and below, update to a version above 10.08.1060.
For versions 10.09.1020 and below, update to a version above 10.09.1020.
For versions 10.10.0002 and below, update to a version above 10.10.0002.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
ArubaOS-CX Switches