CVE-2023-22756
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
01/03/2023
Last modified:
07/11/2023
Description
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.<br />
<br />
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:* | 8.7.0.0-2.3.0.0 (including) | 8.7.0.0-2.3.0.8 (including) |
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* | 8.6.0.0 (including) | 8.6.0.19 (including) |
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* | 8.10.0.0 (including) | 8.10.0.4 (including) |
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* | 10.3.0.0 (including) | 10.3.1.0 (including) |
To consult the complete list of CPE names with products and versions, see this page