CVE-2022-23684

Published: Sep 6, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Affected (3)

Products: Arubanetworks: Aos Cx

Arubanetworks

1 product

Aos Cx

Configuration A

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 10000	All versions

Configuration B

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 8325	All versions

Configuration C

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 8320	All versions

Configuration D

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 9300	All versions

Configuration E

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 8360	All versions

Configuration F

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 6400	All versions

Configuration G

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 6300	All versions

Configuration H

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 6200f	All versions

Configuration I

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 6100	All versions

Configuration J

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 6000	All versions

Configuration K

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 4100i	All versions

Configuration L

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks Aos Cx	From 10.06.0000 to 10.06.0210
Arubanetworks Aos Cx	From 10.08.0000 to 10.08.1070
Arubanetworks Aos Cx	From 10.09.0000 to 10.09.1030

Running on/with	Platform Versions
Arubanetworks Cx 8400	All versions

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.