CVE-2023-22776Path Traversal in Arubaos

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.4%
top 41.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosArubanetworks Sd-wan
Timeline
PublishedMar 1

Description

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.6.0.19+2
NVDarubanetworks/sd-wan8.7.0.0-2.3.0.08.7.0.0-2.3.0.8

🔴Vulnerability Details

2
GHSA
GHSA-j4j9-vv9c-xpp3: An authenticated path traversal vulnerability exists in the ArubaOS command line interface2023-03-01
CVEList
Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read2023-02-28
CVE-2023-22776 — Path Traversal in Arubaos | cvebase