CVE-2022-23683
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
06/09/2022
Last modified:
12/09/2022
Description
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.06.0000 (including) | 10.06.0220 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.08.0000 (including) | 10.08.1080 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.09.0000 (including) | 10.09.1040 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.10.0000 (including) | 10.10.1000 (excluding) |
| cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.06.0000 (including) | 10.06.0220 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.08.0000 (including) | 10.08.1080 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.09.0000 (including) | 10.09.1040 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.10.0000 (including) | 10.10.1000 (excluding) |
| cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.06.0000 (including) | 10.06.0220 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.08.0000 (including) | 10.08.1080 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.09.0000 (including) | 10.09.1040 (excluding) |
| cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* | 10.10.0000 (including) | 10.10.1000 (excluding) |
| cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



