CVE-2023-35979

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-35979
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
OR cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-07-05 15:15

Updated : 2023-07-11 17:49

NVD link : CVE-2023-35979

Mitre link : CVE-2023-35979

CVE.ORG link : CVE-2023-35979

JSON object : View

Products Affected

arubanetworks

  • mcr-hw-5k
  • mc-va-10
  • mcr-va-5k
  • mcr-hw-10k
  • mcr-va-10k
  • sd-wan
  • mc-va-1k
  • arubaos
  • mcr-va-1k
  • mcr-va-50
  • mcr-va-500
  • mcr-hw-1k
  • mc-va-50
  • mc-va-250
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')