CVE-2023-22759

Severity CVSS v4.0:
Pending analysis
Type:
CWE-77 Command Injection
Publication date:
01/03/2023
Last modified:
10/03/2023

Description

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:* 8.7.0.0-2.3.0.0 (including) 8.7.0.0-2.3.0.8 (including)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 8.6.0.0 (including) 8.6.0.19 (including)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 8.10.0.0 (including) 8.10.0.4 (including)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 10.3.0.0 (including) 10.3.1.0 (including)


References to Advisories, Solutions, and Tools