PT-2022-2383 · Aruba · Arubaos-Switch

Published: 2022-05-03 · Updated: 2022-05-25 · CVE-2022-23676

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ArubaOS-Switch versions 15.xx.xxxx through 16.11.xxxx

Description: A remote code execution vulnerability was discovered, caused by a heap-based buffer overflow in the RADIUS protocol implementation. It allows a remote attacker to execute arbitrary code. The vulnerability affects various Aruba switch models, including Aruba 5400R, Aruba 3810, Aruba 2920, Aruba 2930F, Aruba 2930M, Aruba 2530, and Aruba 2540.

Recommendations: For ArubaOS-Switch versions 15.xx.xxxx through 16.11.xxxx, upgrade to a version released by Aruba that addresses this vulnerability. As a temporary workaround, consider restricting access to the RADIUS protocol implementation until a patch is available.

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-02735
CVE-2022-23676

Affected Products

Arubaos-Switch