Lucene search

HpeCVELIST:CVE-2023-22772

HistoryFeb 28, 2023 - 4:55 p.m.

CVE-2023-22772 Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion

2023-02-2816:55:26

hpe

www.cve.org

arubaos

authenticated

path traversal

vulnerability

cve-2023-22772

arbitrary file deletion

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

32.3%

JSON

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 8.6.x.x:  8.6.0.19 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x:   8.10.0.4 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.3.x.x:  10.3.1.0 and below"
      },
      {
        "status": "affected",
        "version": "SD-WAN 8.7.0.0-2.3.0.x:  8.7.0.0-2.3.0.8 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for CVELIST:CVE-2023-22772