CVE-2023-3718

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

1.1%

top 21.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Arubaos-cx Hewlett Packard Enterprise (hpe) Aruba CX Switches

Timeline

PublishedAug 1

Description

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise_(hpe)/aruba_cx_switchesAOS-CX 10.10.xxxx: 10.10.1050 and below, AOS-CX 10.11.xxxx: 10.11.1010 and below+1

▶NVDhpe/arubaos-cx10.10.0000 — 10.10.1050+1

🔴Vulnerability Details

CVEList

Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface↗2023-08-01

▶

GHSA

GHSA-jmx3-98vw-w6hq: An authenticated command injection vulnerability exists in the AOS-CX command line interface↗2023-08-01

▶