CVE-2023-22772Path Traversal in Arubaos

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 22.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosArubanetworks Sd-wan
Timeline
PublishedMar 1

Description

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.6.0.19+2
NVDarubanetworks/sd-wan8.7.0.0-2.3.0.08.7.0.0-2.3.0.8

🔴Vulnerability Details

2
GHSA
GHSA-wmq7-35rx-7xx3: An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface2023-03-01
CVEList
Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion2023-02-28
CVE-2023-22772 — Path Traversal in Arubaos | cvebase