CVE-2023-45618Arubaos vulnerability

3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.5%
top 32.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHP Instantos
Timeline
PublishedNov 14
Latest updateNov 15

Description

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

NVDarubanetworks/arubaos10.3.0.010.4.0.3+1
NVDhp/instantos6.4.0.08.6.0.23+2

🔴Vulnerability Details

2
GHSA
GHSA-gwf3-cr67-mr84: There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol)2023-11-15
CVEList
CVE-2023-45618: There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol)2023-11-14
CVE-2023-45618 — Arubanetworks Arubaos vulnerability | cvebase