PT-2022-16194 · Aruba · Arubaos-Cx Switches
Published
2022-09-06
·
Updated
2022-09-12
·
CVE-2022-23684
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ArubaOS-CX Switches versions 10.09.1020 and below
ArubaOS-CX Switches versions 10.08.1060 and below
ArubaOS-CX Switches versions 10.06.0200 and below
Description
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level.
Recommendations
For versions 10.09.1020 and below, upgrade to a version above 10.09.1020.
For versions 10.08.1060 and below, upgrade to a version above 10.08.1060.
For versions 10.06.0200 and below, upgrade to a version above 10.06.0200.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Arubaos-Cx Switches