← Back to CVEs
CVE-2023-3718
HIGH8.8
Description
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published8/1/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
hpe:aruba_cx_10000-48y6hpe:aruba_cx_4100ihpe:aruba_cx_6000_12ghpe:aruba_cx_6000_24ghpe:aruba_cx_6000_48ghpe:aruba_cx_6100hpe:aruba_cx_6200fhpe:aruba_cx_6200f_48ghpe:aruba_cx_6200mhpe:aruba_cx_6200m_24ghpe:aruba_cx_6300m_24phpe:aruba_cx_6300m_48ghpe:aruba_cx_6405hpe:aruba_cx_6410hpe:aruba_cx_8320-32hpe:aruba_cx_8320-48phpe:aruba_cx_8325-32chpe:aruba_cx_8325-48y8chpe:aruba_cx_8360-12chpe:aruba_cx_8360-16y2chpe:aruba_cx_8360-24xf2chpe:aruba_cx_8360-32y4chpe:aruba_cx_8360-48xt4chpe:aruba_cx_8360-48y6chpe:aruba_cx_8400hpe:aruba_cx_9300_32dhpe:arubaos-cx
Weaknesses (CWE)
CWE-77
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt(security-alert@hpe.com)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.