cbcvebase.
CVE-2023-1168
published 2023-03-22

CVE-2023-1168: An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in…

PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.14%
62.6th percentile
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.

Affected

8 ranges
VendorProductVersion rangeFixed in
hpearubaos-cx>= 10.06.0000 < 10.06.024010.06.0240
hpearubaos-cx10.08.0000 – 10.08.1070
hpearubaos-cx10.09.0000 – 10.09.1020
hpearubaos-cx>= 10.10.0000 < 10.10.103010.10.1030
linuxlinux_kernel>= 3.15.0 < 5.10.1735.10.173
linuxlinux_kernel>= 5.11.0 < 5.15.1005.15.100
linuxlinux_kernel>= 5.16.0 < 6.1.186.1.18
linuxlinux_kernel>= 6.2.0 < 6.2.56.2.5

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.