CVE-2023-22763

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

OR	cpe:2.3:h:arubanetworks:7010:-:::::::*
	cpe:2.3:h:arubanetworks:7030:-:::::::*
	cpe:2.3:h:arubanetworks:7205:-:::::::*
	cpe:2.3:h:arubanetworks:7210:-:::::::*
	cpe:2.3:h:arubanetworks:7220:-:::::::*
	cpe:2.3:h:arubanetworks:7240xm:-:::::::*
	cpe:2.3:h:arubanetworks:7280:-:::::::*
	cpe:2.3:h:arubanetworks:9004:-:::::::*
	cpe:2.3:h:arubanetworks:9004-lte:-:::::::*
	cpe:2.3:h:arubanetworks:9012:-:::::::*
	cpe:2.3:h:arubanetworks:mc-va-10:-:::::::*
	cpe:2.3:h:arubanetworks:mc-va-1k:-:::::::*
	cpe:2.3:h:arubanetworks:mc-va-250:-:::::::*
	cpe:2.3:h:arubanetworks:mc-va-50:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-10k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-1k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-5k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-va-10k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-va-1k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-va-50:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-va-500:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-va-5k:-:::::::*

Configuration 2 (hide)

cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-03-01 08:15

Updated : 2023-11-07 04:07

NVD link : CVE-2023-22763

Mitre link : CVE-2023-22763

CVE.ORG link : CVE-2023-22763

JSON object : View

Products Affected

arubanetworks

mcr-va-5k
mcr-hw-10k
mcr-va-10k
sd-wan
arubaos
7210
mc-va-250
7280
7205
mc-va-50
7010
mcr-va-1k
9004
mcr-va-500
7030
9004-lte
mcr-hw-5k
mc-va-10
7240xm
mc-va-1k
9012
mcr-va-50
7220
mcr-hw-1k

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2023-22763", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-03-01T08:15:13.500", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"}], "lastModified": "2023-11-07T04:07:22.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D"}, {"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F"}, {"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC"}, {"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A"}, {"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8"}, {"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045"}, {"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F"}, {"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42"}, {"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9"}, {"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2"}, {"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB"}, {"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1"}, {"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E"}, {"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29"}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}

7.2 /10