CVE-2023-38486
published 2023-09-06

Priority: P432 | Severity: medium | CVSS 3.1: 6.4
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.29% (21.0th percentile)

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | arubaos | >= 10.4.0.0 < 10.4.0.2 | 10.4.0.2 |
| arubanetworks | arubaos | >= 8.10.0.0 < 8.10.0.7 | 8.10.0.7 |
| arubanetworks | arubaos | >= 8.11.0.0 < 8.11.1.1 | 8.11.1.1 |
| arubanetworks | arubaos | >= 8.6.0.0 < 8.6.0.22 | 8.6.0.22 |