CVE-2023-45625 - OpenCVE

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arubanetworks	Arubaos
Hp	Instantos

Configuration 1 [-]

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:::::::*
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::

No data.

References

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-11-14T22:57:42.530Z

Updated: 2024-08-02T20:21:16.813Z

Reserved: 2023-10-09T16:22:24.804Z

Link: CVE-2023-45625

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-14T23:15:11.243

Modified: 2023-11-21T19:51:31.120

Link: CVE-2023-45625

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45625", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-10-09T16:22:24.804Z", "datePublished": "2023-11-14T22:57:42.530Z", "dateUpdated": "2024-08-02T20:21:16.813Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"}, {"status": "affected", "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"}, {"status": "affected", "version": "InstantOS 8.11.x.x: 8.11.1.2 and below"}, {"status": "affected", "version": "InstantOS 8.10.x.x: 8.10.0.8 and below"}, {"status": "affected", "version": "InstantOS 8.6.x.x: 8.6.0.22 and below"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Chancen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>"}], "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-11-14T22:57:42.530Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.813Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF", "versionEndExcluding": "10.4.0.3", "versionStartIncluding": "10.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D", "versionEndExcluding": "8.6.0.23", "versionStartIncluding": "6.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F", "versionEndExcluding": "8.10.0.9", "versionStartIncluding": "8.10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543", "versionEndExcluding": "8.11.2.0", "versionStartIncluding": "8.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."}], "id": "CVE-2023-45625", "lastModified": "2023-11-21T19:51:31.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-11-14T23:15:11.243", "references": [{"source": "security-alert@hpe.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}