CVE-2022-23691

Published: Sep 6, 2022Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Affected (4)

Products: Arubanetworks: Aos Cx

Arubanetworks

1 product

Aos Cx

Configuration A

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 10000	All versions

Configuration B

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 8325	All versions

Configuration C

1 platform

Running on/with	Platform Versions
Arubanetworks Cx 8320	All versions

Configuration D

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks Aos Cx	From 10.06.0000 to 10.06.0210
Arubanetworks Aos Cx	From 10.08.0000 to 10.08.1070
Arubanetworks Aos Cx	From 10.09.0000 to 10.09.1030
Arubanetworks Aos Cx	From 10.10.0000 to 10.10.0002

Running on/with	Platform Versions
Arubanetworks Cx 9300	All versions

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.