Lucene search

[email protected]CVE-2022-23691

HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-23691

2022-09-0618:15:11

[email protected]

web.nvd.nist.gov

cve-2022-23691

vulnerability

aos-cx

switch

authentication bypass

arubaos-cx

security

nvd

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Affected configurations

NVD

Node

arubanetworksaos-cxRange10.06.0000–10.06.0210

arubanetworksaos-cxRange10.08.0000–10.08.1070

arubanetworksaos-cxRange10.09.0000–10.09.1030

arubanetworksaos-cxRange10.10.0000–10.10.0002

AND

arubanetworkscx_10000Match-

Node

arubanetworksaos-cxRange10.06.0000–10.06.0210

arubanetworksaos-cxRange10.08.0000–10.08.1070

arubanetworksaos-cxRange10.09.0000–10.09.1030

arubanetworksaos-cxRange10.10.0000–10.10.0002

AND

arubanetworkscx_8325Match-

Node

arubanetworksaos-cxRange10.06.0000–10.06.0210

arubanetworksaos-cxRange10.08.0000–10.08.1070

arubanetworksaos-cxRange10.09.0000–10.09.1030

arubanetworksaos-cxRange10.10.0000–10.10.0002

AND

arubanetworkscx_8320Match-

Node

arubanetworksaos-cxRange10.06.0000–10.06.0210

arubanetworksaos-cxRange10.08.0000–10.08.1070

arubanetworksaos-cxRange10.09.0000–10.09.1030

arubanetworksaos-cxRange10.10.0000–10.10.0002

AND

arubanetworkscx_9300Match-

CPENameOperatorVersion
arubanetworks:aos-cxarubanetworks aos-cxle10.06.0210
arubanetworks:aos-cxarubanetworks aos-cxle10.08.1070
arubanetworks:aos-cxarubanetworks aos-cxle10.09.1030
arubanetworks:aos-cxarubanetworks aos-cxle10.10.0002

CPE	Name	Operator	Version
arubanetworks:aos-cx	arubanetworks aos-cx	le	10.06.0210
arubanetworks:aos-cx	arubanetworks aos-cx	le	10.08.1070
arubanetworks:aos-cx	arubanetworks aos-cx	le	10.09.1030
arubanetworks:aos-cx	arubanetworks aos-cx	le	10.10.0002

CNA Affected

[
  {
    "product": "Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below."
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Social References

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CVE-2022-23691

nvd1 cvelist1 prion1