{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45620", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-10-09T16:22:24.802Z", "datePublished": "2023-11-14T22:53:07.384Z", "dateUpdated": "2024-08-30T17:11:11.753Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"}, {"status": "affected", "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"}, {"status": "affected", "version": "InstantOS 8.11.x.x: 8.11.1.2 and below"}, {"status": "affected", "version": "InstantOS 8.10.x.x: 8.10.0.8 and below"}, {"status": "affected", "version": "InstantOS 8.6.x.x: 8.6.0.22 and below"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "XiaoC from Moonlight Bug Hunter"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.</p>"}], "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-11-14T22:53:07.384Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.843Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T17:10:44.379696Z", "id": "CVE-2023-45620", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T17:11:11.753Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.843Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45620", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T17:10:44.379696Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T17:10:57.296Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "XiaoC from Moonlight Bug Hunter"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", "versions": [{"status": "affected", "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"}, {"status": "affected", "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"}, {"status": "affected", "version": "InstantOS 8.11.x.x: 8.11.1.2 and below"}, {"status": "affected", "version": "InstantOS 8.10.x.x: 8.10.0.8 and below"}, {"status": "affected", "version": "InstantOS 8.6.x.x: 8.6.0.22 and below"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.</p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-11-14T22:53:07.384Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45620", "state": "PUBLISHED", "dateUpdated": "2024-08-30T17:11:11.753Z", "dateReserved": "2023-10-09T16:22:24.802Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2023-11-14T22:53:07.384Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF", "versionEndExcluding": "10.4.0.3", "versionStartIncluding": "10.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D", "versionEndExcluding": "8.6.0.23", "versionStartIncluding": "6.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F", "versionEndExcluding": "8.10.0.9", "versionStartIncluding": "8.10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543", "versionEndExcluding": "8.11.2.0", "versionStartIncluding": "8.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"}, {"lang": "es", "value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."}], "id": "CVE-2023-45620", "lastModified": "2024-11-21T08:27:04.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T23:15:10.333", "references": [{"source": "security-alert@hpe.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}