PT-2022-2382 · Aruba · Arubaos-Switch

Published: 2022-05-03 · Updated: 2022-05-25 · CVE-2022-23677

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ArubaOS-Switch versions 15.xx.xxxx through 16.11.xxxx:

ArubaOS-Switch 16.02.xxxx versions K.16.02.0033 and below
ArubaOS-Switch 16.08.xxxx versions KB/WB/WC/YA/YB/YC.16.08.0024 and below
ArubaOS-Switch 16.09.xxxx versions KB/WB/WC/YA/YB/YC.16.09.0019 and below
ArubaOS-Switch 16.10.xxxx versions KB/WB/WC/YA/YB/YC.16.10.0019 and below
ArubaOS-Switch 16.11.xxxx versions KB/WB/WC/YA/YB/YC.16.11.0003 and below

Description

A remote code execution vulnerability was discovered in ArubaOS-Switch devices. The vulnerability is related to improper control of code generation in the NanoSSL library of the switch's firmware. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations

For ArubaOS-Switch 15.xx.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.01.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.02.xxxx version K.16.02.0033 and below, update to a version above K.16.02.0033.
For ArubaOS-Switch 16.03.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.04.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.05.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.06.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.07.xxxx, update to a version outside of the affected range.
For ArubaOS-Switch 16.08.xxxx version KB/WB/WC/YA/YB/YC.16.08.0024 and below, update to a version above KB/WB/WC/YA/YB/YC.16.08.0024.
For ArubaOS-Switch 16.09.xxxx version KB/WB/WC/YA/YB/YC.16.09.0019 and below, update to a version above KB/WB/WC/YA/YB/YC.16.09.0019.
For ArubaOS-Switch 16.10.xxxx version KB/WB/WC/YA/YB/YC.16.10.0019 and below, update to a version above KB/WB/WC/YA/YB/YC.16.10.0019.
For ArubaOS-Switch 16.11.xxxx version KB/WB/WC/YA/YB/YC.16.11.0003 and below, update to a version above KB/WB/WC/YA/YB/YC.16.11.0003.

Fix

Memory Corruption

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2022-02734
CVE-2022-23677

Affected Products

Arubaos-Switch