7.2

CVE-2023-22769

Warnung

Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArubanetworksArubaos Version >= 8.6.0.0 <= 8.6.0.19
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksArubaos Version >= 8.10.0.0 <= 8.10.0.4
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksArubaos Version >= 10.3.0.0 <= 10.3.1.0
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksSd-wan Version >= 8.7.0.0-2.3.0.0 <= 8.7.0.0-2.3.0.8
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.819
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security-alert@hpe.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.