CVE-2023-39267 - OpenCVE

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arubanetworks	Aruba 2530 Aruba 2530ya Aruba 2530yb Aruba 2540 Aruba 2920 Aruba 2930f Aruba 2930m Aruba 3810m Aruba 5406r Zl2 Aruba 5412r Zl2
Hpe	Arubaos-switch

Configuration 1 [-]

AND

OR	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::

OR	cpe:2.3:h:arubanetworks:aruba_2530:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2530ya:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2530yb:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2540:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2920:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2930f:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2930m:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_3810m:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:::::::*

No data.

References

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-08-29T19:28:55.315Z

Updated: 2024-08-02T18:02:06.899Z

Reserved: 2023-07-26T15:52:27.843Z

Link: CVE-2023-39267

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-29T20:15:09.743

Modified: 2023-09-11T13:52:50.330

Link: CVE-2023-39267

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39267", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-07-26T15:52:27.843Z", "datePublished": "2023-08-29T19:28:55.315Z", "dateUpdated": "2024-08-02T18:02:06.899Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ArubaOS-Switch", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.09.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.07.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.06.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.05.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.03.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.02.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.01.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Lino Mirgeler of DTS Systeme GmbH"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<pre><pre>An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.</pre><br></pre>"}], "value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-08-29T19:28:55.315Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.899Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD", "versionEndExcluding": "a.15.16.0026", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9", "versionEndExcluding": "16.04.0027", "versionStartIncluding": "16.01.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0", "versionEndExcluding": "16.08.0027", "versionStartIncluding": "16.05.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039", "versionEndExcluding": "16.10.0024", "versionStartIncluding": "16.10.0001", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4", "versionEndExcluding": "16.11.0013", "versionStartIncluding": "16.11.0001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada en la interfaz de l\u00ednea de comandos de ArubaOS-Switch. La explotaci\u00f3n exitosa da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el switch.\n"}], "id": "CVE-2023-39267", "lastModified": "2023-09-11T13:52:50.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-08-29T20:15:09.743", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}