CVE-2023-45616

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:::::::*
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::

History

No history.

Information

Published : 2023-11-14 23:15

Updated : 2023-11-21 21:04

NVD link : CVE-2023-45616

Mitre link : CVE-2023-45616

CVE.ORG link : CVE-2023-45616

JSON object : View

Products Affected

arubanetworks

arubaos

hp

instantos

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2023-45616", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-14T23:15:09.663", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en AirWave Client Service subyacente que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."}], "lastModified": "2023-11-21T21:04:37.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF", "versionEndExcluding": "10.4.0.3", "versionStartIncluding": "10.3.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D", "versionEndExcluding": "8.6.0.23", "versionStartIncluding": "6.4.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F", "versionEndExcluding": "8.10.0.9", "versionStartIncluding": "8.10.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543", "versionEndExcluding": "8.11.2.0", "versionStartIncluding": "8.11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}