← Voltar para CVEs
CVE-2023-3718
HIGH8.8
Descricao
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado8/1/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
hpe:aruba_cx_10000-48y6hpe:aruba_cx_4100ihpe:aruba_cx_6000_12ghpe:aruba_cx_6000_24ghpe:aruba_cx_6000_48ghpe:aruba_cx_6100hpe:aruba_cx_6200fhpe:aruba_cx_6200f_48ghpe:aruba_cx_6200mhpe:aruba_cx_6200m_24ghpe:aruba_cx_6300m_24phpe:aruba_cx_6300m_48ghpe:aruba_cx_6405hpe:aruba_cx_6410hpe:aruba_cx_8320-32hpe:aruba_cx_8320-48phpe:aruba_cx_8325-32chpe:aruba_cx_8325-48y8chpe:aruba_cx_8360-12chpe:aruba_cx_8360-16y2chpe:aruba_cx_8360-24xf2chpe:aruba_cx_8360-32y4chpe:aruba_cx_8360-48xt4chpe:aruba_cx_8360-48y6chpe:aruba_cx_8400hpe:aruba_cx_9300_32dhpe:arubaos-cx
Fraquezas (CWE)
CWE-77
Referencias
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt(security-alert@hpe.com)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.