CVE-2023-38486 - Vulnerability Details - OpenCVE

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00095.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Arubanetworks	9004 9004-lte 9012 9240 Arubaos

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

OR	cpe:2.3:h:arubanetworks:9004:-:::::::*
	cpe:2.3:h:arubanetworks:9004-lte:-:::::::*
	cpe:2.3:h:arubanetworks:9012:-:::::::*
	cpe:2.3:h:arubanetworks:9240:-:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-42302	A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt

History

Thu, 26 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-09-06T17:48:38.025Z

Updated: 2024-09-26T19:51:05.849Z

Reserved: 2023-07-18T14:34:27.165Z

Link: CVE-2023-38486

Vulnrichment

Updated: 2024-08-02T17:39:13.554Z

NVD

Status : Modified

Published: 2023-09-06T18:15:08.547

Modified: 2024-11-21T08:13:40.187

Link: CVE-2023-38486

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38486", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-07-18T14:34:27.165Z", "datePublished": "2023-09-06T17:48:38.025Z", "dateUpdated": "2024-09-26T19:51:05.849Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "<=10.4.0.1", "status": "affected", "version": "ArubaOS 10.4.x.x", "versionType": "semver"}, {"lessThanOrEqual": "<=8.11.1.0", "status": "affected", "version": "ArubaOS 8.11.x.x", "versionType": "semver"}, {"lessThanOrEqual": "<=8.10.0.6", "status": "affected", "version": "ArubaOS 8.10.x.x", "versionType": "semver"}, {"lessThanOrEqual": "<=8.6.0.21", "status": "affected", "version": "ArubaOS 8.6.x.x", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nicholas Starke of Aruba Threat Labs"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images."}], "value": "A vulnerability in the secure boot implementation on affected\u00a0Aruba 9200 and 9000 Series Controllers and Gateways allows\u00a0an attacker to bypass security controls which would normally\u00a0prohibit unsigned kernel images from executing. An attacker\u00a0can use this vulnerability to execute arbitrary runtime\u00a0operating systems, including unverified and unsigned OS\u00a0images."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-09-06T17:48:38.025Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.554Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "affected": [{"vendor": "arubanetworks", "product": "arubaos", "cpes": ["cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "8.6.0.0", "status": "affected", "lessThan": "8.6.0.22", "versionType": "semver"}, {"version": "8.10.0.0", "status": "affected", "lessThan": "8.10.0.7", "versionType": "semver"}, {"version": "8.11.0.0", "status": "affected", "lessThan": "8.11.1.1", "versionType": "semver"}, {"version": "10.4.0.0", "status": "affected", "lessThan": "10.4.0.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T19:38:37.378313Z", "id": "CVE-2023-38486", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:51:05.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.554Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38486", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T19:38:37.378313Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "arubaos", "versions": [{"status": "affected", "version": "8.6.0.0", "lessThan": "8.6.0.22", "versionType": "semver"}, {"status": "affected", "version": "8.10.0.0", "lessThan": "8.10.0.7", "versionType": "semver"}, {"status": "affected", "version": "8.11.0.0", "lessThan": "8.11.1.1", "versionType": "semver"}, {"status": "affected", "version": "10.4.0.0", "lessThan": "10.4.0.2", "versionType": "semver"}], "defaultStatus": "affected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:44:49.150Z"}}], "cna": {"title": "Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nicholas Starke of Aruba Threat Labs"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways", "versions": [{"status": "affected", "version": "ArubaOS 10.4.x.x", "versionType": "semver", "lessThanOrEqual": "<=10.4.0.1"}, {"status": "affected", "version": "ArubaOS 8.11.x.x", "versionType": "semver", "lessThanOrEqual": "<=8.11.1.0"}, {"status": "affected", "version": "ArubaOS 8.10.x.x", "versionType": "semver", "lessThanOrEqual": "<=8.10.0.6"}, {"status": "affected", "version": "ArubaOS 8.6.x.x", "versionType": "semver", "lessThanOrEqual": "<=8.6.0.21"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the secure boot implementation on affected\u00a0Aruba 9200 and 9000 Series Controllers and Gateways allows\u00a0an attacker to bypass security controls which would normally\u00a0prohibit unsigned kernel images from executing. An attacker\u00a0can use this vulnerability to execute arbitrary runtime\u00a0operating systems, including unverified and unsigned OS\u00a0images.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-09-06T17:48:38.025Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38486", "state": "PUBLISHED", "dateUpdated": "2024-09-26T19:51:05.849Z", "dateReserved": "2023-07-18T14:34:27.165Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2023-09-06T17:48:38.025Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADB9BE64-9455-46B2-80C8-BD9B88A8F372", "versionEndExcluding": "8.6.0.22", "versionStartIncluding": "8.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "48293E3F-C6BD-4875-8C7A-67ED41B7C18D", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6BF9E0D-630F-40B4-9109-560CA13C981B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the secure boot implementation on affected\u00a0Aruba 9200 and 9000 Series Controllers and Gateways allows\u00a0an attacker to bypass security controls which would normally\u00a0prohibit unsigned kernel images from executing. An attacker\u00a0can use this vulnerability to execute arbitrary runtime\u00a0operating systems, including unverified and unsigned OS\u00a0images."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de arranque seguro en los Controladores y Gateways de las Series Aruba 9200 y 9000 afectados permite a un atacante eludir los controles de seguridad que normalmente prohibir\u00edan la ejecuci\u00f3n de im\u00e1genes del kernel sin firmar. Un atacante puede utilizar esta vulnerabilidad para ejecutar sistemas operativos en tiempo de ejecuci\u00f3n arbitrarios, incluidas im\u00e1genes de sistema operativo no verificadas y sin firmar."}], "id": "CVE-2023-38486", "lastModified": "2024-11-21T08:13:40.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.8, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-06T18:15:08.547", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}