CVE-2022-23684

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/09/2022
Last modified:
12/09/2022

Description

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.06.0000 (including) 10.06.0210 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.08.0000 (including) 10.08.1070 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.09.0000 (including) 10.09.1030 (excluding)
cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.06.0000 (including) 10.06.0210 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.08.0000 (including) 10.08.1070 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.09.0000 (including) 10.09.1030 (excluding)
cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.06.0000 (including) 10.06.0210 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.08.0000 (including) 10.08.1070 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.09.0000 (including) 10.09.1030 (excluding)
cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.06.0000 (including) 10.06.0210 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.08.0000 (including) 10.08.1070 (excluding)
cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:* 10.09.0000 (including) 10.09.1030 (excluding)


References to Advisories, Solutions, and Tools