7.2

CVE-2023-22764

Warning

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Data is provided by the National Vulnerability Database (NVD)
ArubanetworksArubaos Version >= 8.6.0.0 <= 8.6.0.19
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksArubaos Version >= 8.10.0.0 <= 8.10.0.4
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksArubaos Version >= 10.3.0.0 <= 10.3.1.0
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksSd-wan Version >= 8.7.0.0-2.3.0.0 <= 8.7.0.0-2.3.0.8
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.26% 0.465
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security-alert@hpe.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.