CVE-2023-39267

MEDIUM6.6

Description

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

Low

Affected products

Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below. – ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below. – ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below. – ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.09.xxxx: All versions. – ArubaOS-Switch 16.09.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below. – ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.07.xxxx: All versions. – ArubaOS-Switch 16.07.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.06.xxxx: All versions. – ArubaOS-Switch 16.06.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.05.xxxx: All versions. – ArubaOS-Switch 16.05.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below. – ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.03.xxxx: All versions. – ArubaOS-Switch 16.03.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.02.xxxx: All versions. – ArubaOS-Switch 16.02.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.01.xxxx: All versions. – ArubaOS-Switch 16.01.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. – ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below.

References

MISChttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt