CVE-2022-23676
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.
Affected (77)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 5406r | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 3810m | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2920 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2930f | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2930m | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2530 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2540 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 5412r | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2615 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2620 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.00.0 to 15.16.0023 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 2915 | All versions |
References (2)
Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.