CVE-2023-22777Resource Exposure in Arubaos

CWE-668Resource Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.9
EPSS
0.3%
top 51.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosArubanetworks Sd-wan
Timeline
PublishedMar 1

Description

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.6.0.19+2
NVDarubanetworks/sd-wan8.7.0.0-2.3.0.08.7.0.0-2.3.0.8

🔴Vulnerability Details

2
GHSA
GHSA-9p98-fmfq-xhxp: An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface2023-03-01
CVEList
Authenticated Information Disclosure in ArubaOS Web-based Management Interface2023-02-28
CVE-2023-22777 — Resource Exposure in Arubaos | cvebase