A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
2022-09-06T18:15:11.390
2024-11-21T06:49:06.793
Modified
CVSSv3.1: 6.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | arubanetworks | aos-cx | ≤ 10.06.0210 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.08.1070 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.09.1030 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.10.0002 | Yes |
| Hardware | arubanetworks | cx_10000 | - | No |
| Operating System | arubanetworks | aos-cx | ≤ 10.06.0210 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.08.1070 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.09.1030 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.10.0002 | Yes |
| Hardware | arubanetworks | cx_8325 | - | No |
| Operating System | arubanetworks | aos-cx | ≤ 10.06.0210 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.08.1070 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.09.1030 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.10.0002 | Yes |
| Hardware | arubanetworks | cx_8320 | - | No |
| Operating System | arubanetworks | aos-cx | ≤ 10.06.0210 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.08.1070 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.09.1030 | Yes |
| Operating System | arubanetworks | aos-cx | ≤ 10.10.0002 | Yes |
| Hardware | arubanetworks | cx_9300 | - | No |