CVE-2023-1168
published 2023-03-22CVE-2023-1168: An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in…
PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.14%
62.6th percentile
An authenticated remote code execution vulnerability
exists in the AOS-CX Network Analytics Engine. Successful
exploitation of this vulnerability results in the ability to
execute arbitrary code as a privileged user on the underlying
operating system, leading to a complete compromise of the
switch running AOS-CX.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hpe | arubaos-cx | >= 10.06.0000 < 10.06.0240 | 10.06.0240 |
| hpe | arubaos-cx | 10.08.0000 – 10.08.1070 | — |
| hpe | arubaos-cx | 10.09.0000 – 10.09.1020 | — |
| hpe | arubaos-cx | >= 10.10.0000 < 10.10.1030 | 10.10.1030 |
| linux | linux_kernel | >= 3.15.0 < 5.10.173 | 5.10.173 |
| linux | linux_kernel | >= 5.11.0 < 5.15.100 | 5.15.100 |
| linux | linux_kernel | >= 5.16.0 < 6.1.18 | 6.1.18 |
| linux | linux_kernel | >= 6.2.0 < 6.2.5 | 6.2.5 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
netfilter: ebtables: fix table blob use-after-free
osv·2025-12-30
CVE-2023-54243 netfilter: ebtables: fix table blob use-after-free
netfilter: ebtables: fix table blob use-after-free
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ebtables: fix table blob use-after-free
We are not allowed to return an error at this point.
Looking at the code it looks like ret is always 0 at this
point, but its not.
t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
... this can return a valid table, with ret != 0.
This bug causes update of table->private with the new
blob, but then frees the blob right away in the caller.
Syzbot report:
BUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168
Read of size 4 at addr ffffc90005425000 by task kworker/u4:4/74
Workqueue: netns cleanup_net
Call Trace:
kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
GHSA
GHSA-qwv6-2vxv-h2vg: An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine
ghsa_unreviewed·2023-03-22
CVE-2023-1168 [HIGH] CWE-77 GHSA-qwv6-2vxv-h2vg: An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
Red Hat
kernel: netfilter: ebtables: fix table blob use-after-free
vendor_redhat·2025-12-30·CVSS 5.3
CVE-2023-54243 [MEDIUM] CWE-416 kernel: netfilter: ebtables: fix table blob use-after-free
kernel: netfilter: ebtables: fix table blob use-after-free
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ebtables: fix table blob use-after-free
We are not allowed to return an error at this point.
Looking at the code it looks like ret is always 0 at this
point, but its not.
t = find_table_lock(net, repl->name, &ret, &ebt_mutex);
... this can return a valid table, with ret != 0.
This bug causes update of table->private with the new
blob, but then frees the blob right away in the caller.
Syzbot report:
BUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168
Read of size 4 at addr ffffc90005425000 by task kworker/u4:4/74
Workqueue: netns cleanup_net
Call Trace:
kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
No detection rules found.
No public exploits indexed.
2023-03-22
Published