CVE-2023-1168

CWE-77 — Command Injection CWE-416 — Use After Free6 documents6 sources

Severity

8.8HIGH

EPSS

1.7%

top 17.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Arubaos-cx

Timeline

PublishedMar 22

Latest updateDec 30

Description

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDhpe/arubaos-cx10.06.0000 — 10.06.0240+3

🔴Vulnerability Details

OSV

netfilter: ebtables: fix table blob use-after-free↗2025-12-30

▶

GHSA

GHSA-qwv6-2vxv-h2vg: An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine↗2023-03-22

▶

CVEList

Authenticated Remote Code Execution in Aruba CX Switches↗2023-03-21

▶

📋Vendor Advisories

Red Hat

kernel: netfilter: ebtables: fix table blob use-after-free↗2025-12-30

▶