Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22747", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-01-06T15:24:20.502Z", "datePublished": "2023-02-28T15:47:31.864Z", "dateUpdated": "2025-03-11T14:09:40.056Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"}, {"status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"}, {"status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"}, {"status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)"}], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."}], "value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-03-01T05:45:13.020Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Multiple Unauthenticated Command Injections in the PAPI Protocol", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:30.059Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T14:09:17.378382Z", "id": "CVE-2023-22747", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T14:09:40.056Z"}}]}} 
MITRE
Vulnrichment
NVD
Redhat