7.2

CVE-2023-22773

Warning

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.

Data is provided by the National Vulnerability Database (NVD)
ArubanetworksArubaos Version >= 8.6.0.0 <= 8.6.0.19
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksArubaos Version >= 8.10.0.0 <= 8.10.0.4
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksArubaos Version >= 10.3.0.0 <= 10.3.1.0
   Arubanetworks7010 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
   ArubanetworksMc-va-10 Version-
   ArubanetworksMc-va-1k Version-
   ArubanetworksMc-va-250 Version-
   ArubanetworksMc-va-50 Version-
   ArubanetworksMcr-hw-10k Version-
   ArubanetworksMcr-hw-1k Version-
   ArubanetworksMcr-hw-5k Version-
   ArubanetworksMcr-va-10k Version-
   ArubanetworksMcr-va-1k Version-
   ArubanetworksMcr-va-50 Version-
   ArubanetworksMcr-va-500 Version-
   ArubanetworksMcr-va-5k Version-
ArubanetworksSd-wan Version >= 8.7.0.0-2.3.0.0 <= 8.7.0.0-2.3.0.8
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.42% 0.59
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 1.2 5.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
security-alert@hpe.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.