PT-2022-16192 · Aruba · Aruba Aos-Cx
Published
2022-09-06
·
Updated
2023-08-17
·
CVE-2022-23682
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ArubaOS-CX versions 10.09.1030 and below
ArubaOS-CX versions 10.08.1030 and below
ArubaOS-CX versions 10.06.0180 and below
Description
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete switch compromise.
Recommendations
For ArubaOS-CX versions 10.09.1030 and below, upgrade to a version above 10.09.1030.
For ArubaOS-CX versions 10.08.1030 and below, upgrade to a version above 10.08.1030.
For ArubaOS-CX versions 10.06.0180 and below, upgrade to a version above 10.06.0180.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aruba Aos-Cx