PT-2022-16193 · Aruba · ArubaOS-CX Switches
Published 2022-09-06 · Updated 2022-09-12 · CVE-2022-23683
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ArubaOS-CX Switches versions 10.06.0210 and below
ArubaOS-CX Switches versions 10.08.1070 and below
ArubaOS-CX Switches versions 10.09.1030 and below
ArubaOS-CX Switches versions 10.10.0002 and below
Description
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
Recommendations
For versions 10.06.0210 and below, upgrade to a newer version to address the security vulnerabilities.
For versions 10.08.1070 and below, upgrade to a newer version to address the security vulnerabilities.
For versions 10.09.1030 and below, upgrade to a newer version to address the security vulnerabilities.
For versions 10.10.0002 and below, upgrade to a newer version to address the security vulnerabilities.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
ArubaOS-CX Switches