CVE-2023-22775 — Resource Exposure in Arubaos

CWE-668 — Resource Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Arubanetworks Sd-wan

Timeline

PublishedMar 1

Description

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDarubanetworks/arubaos8.6.0.0 — 8.6.0.19+2

▶NVDarubanetworks/sd-wan8.7.0.0-2.3.0.0 — 8.7.0.0-2.3.0.8

🔴Vulnerability Details

GHSA

GHSA-pvf9-jp7g-w7j3: A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface↗2023-03-01

▶

CVEList

Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface↗2023-02-28

▶