CVE-2023-22786Classic Buffer Overflow in Packard Enterprise Aruba Access Points Running Instantos AND Arubaos 10

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.3%
top 20.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
HP InstantosHP ArubaosHewlett Packard Enterprise Aruba Access Points Running Instantos AND Arubaos 10
Timeline
PublishedMay 8
Latest updateJul 6

Description

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5hewlett_packard_enterprise/aruba_access_points_running_instantos_and_arubaos_10ArubaOS 10.3.x.x: 10.3.1.4 and below, InstantOS 8.10.x.x: 8.10.0.2 and below, See reference document for further details+2
NVDhp/arubaos10.3.0.010.3.1.0
NVDhp/instantos8.4.0.08.6.0.0+5

🔴Vulnerability Details

2
GHSA
GHSA-pg68-9xfp-68rc: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending speciall2023-07-06
CVEList
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol2023-05-08
CVE-2023-22786 — Classic Buffer Overflow | cvebase