Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23677

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

Published

2022-05-10T19:15:09.220

Last Modified

2024-11-21T06:49:04.657

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arubanetworks	5406r_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	5406r_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	5406r_firmware	< 16.04.0024	Yes
Operating System	arubanetworks	5406r_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	5406r_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	5406r_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	5406r_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	5406r	-	No
Operating System	arubanetworks	2920_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2920_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2920_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2920_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2920_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2920_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2920_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2920	-	No
Operating System	arubanetworks	2930f_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2930f_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2930f_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2930f_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2930f_firmware	≤ 16.09.0020	Yes
Operating System	arubanetworks	2930f_firmware	≤ 16.10.0020	Yes
Operating System	arubanetworks	2930f_firmware	≤ 16.11.0004	Yes
Hardware	arubanetworks	2930f	-	No
Operating System	arubanetworks	2930m_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2930m_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2930m_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2930m_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2930m_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2930m_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2930m_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2930m	-	No
Operating System	arubanetworks	2530_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2530_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2530_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2530_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2530_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2530_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2530_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2530	-	No
Operating System	arubanetworks	2540_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2540_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2540_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2540_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2540_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2540_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2540_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2540	-	No
Operating System	arubanetworks	5412r_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	5412r_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	5412r_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	5412r_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	5412r_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	5412r_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	5412r_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	5412r	-	No
Operating System	arubanetworks	2615_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2615_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2615_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2615_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2615_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2615_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2615_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2615	-	No
Operating System	arubanetworks	2620_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2620_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2620_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2620_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2620_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2620_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2620_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2620	-	No
Operating System	arubanetworks	2915_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	2915_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	2915_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	2915_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	2915_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	2915_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	2915_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	2915	-	No
Operating System	arubanetworks	3810m_firmware	≤ 15.16.0023	Yes
Operating System	arubanetworks	3810m_firmware	< 16.02.0034	Yes
Operating System	arubanetworks	3810m_firmware	≤ 16.04.0024	Yes
Operating System	arubanetworks	3810m_firmware	< 16.08.0025	Yes
Operating System	arubanetworks	3810m_firmware	< 16.09.0020	Yes
Operating System	arubanetworks	3810m_firmware	< 16.10.0020	Yes
Operating System	arubanetworks	3810m_firmware	< 16.11.0004	Yes
Hardware	arubanetworks	3810m	-	No

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt Vendor Advisory ([email protected])
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)