Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
Metrics
No CVSS v4.0
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact Low
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Arubanetworks |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
AND |
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
AND |
|
Configuration 5 [-]
AND |
|
Configuration 6 [-]
AND |
|
Configuration 7 [-]
AND |
|
Configuration 8 [-]
AND |
|
Configuration 9 [-]
AND |
|
Configuration 10 [-]
AND |
|
Configuration 11 [-]
AND |
|
Configuration 12 [-]
AND |
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hpe
Published: 2022-09-06T17:18:54
Updated: 2024-08-03T03:51:45.750Z
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23686
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-06T18:15:11.193
Modified: 2024-11-21T06:49:06.000
Link: CVE-2022-23686
Redhat
No data.