CVE-2023-45619 — Arubaos vulnerability

3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.7%

top 28.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos HP Instantos

Timeline

PublishedNov 14

Latest updateNov 15

Description

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶NVDarubanetworks/arubaos10.3.0.0 — 10.4.0.3+1

▶NVDhp/instantos6.4.0.0 — 8.6.0.23+2

🔴Vulnerability Details

GHSA

GHSA-x4mj-2ggj-g28r: There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol)↗2023-11-15

▶

CVEList

CVE-2023-45619: There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol)↗2023-11-14

▶