Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23684

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Published

2022-09-06T18:15:11.153

Last Modified

2024-11-21T06:49:05.730

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_10000	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_8325	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_8320	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_9300	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_8360	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_6400	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_6300	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_6200f	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_6100	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_6000	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_4100i	-	No
Operating System	arubanetworks	aos-cx	< 10.06.0210	Yes
Operating System	arubanetworks	aos-cx	< 10.08.1070	Yes
Operating System	arubanetworks	aos-cx	< 10.09.1030	Yes
Hardware	arubanetworks	cx_8400	-	No

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt Vendor Advisory ([email protected])
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)