CVE-2023-45625Command Injection in Arubaos

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 77.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHP Instantos
Timeline
PublishedNov 14
Latest updateNov 15

Description

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDhp/instantos6.4.0.08.6.0.23+2
NVDarubanetworks/arubaos10.3.0.010.4.0.3+1

🔴Vulnerability Details

2
GHSA
GHSA-x2pr-v4m9-c4hj: Multiple authenticated command injection vulnerabilities exist in the command line interface2023-11-15
CVEList
CVE-2023-45625: Multiple authenticated command injection vulnerabilities exist in the command line interface2023-11-14
CVE-2023-45625 — Command Injection in Arubaos | cvebase