Lucene search

[email protected]NVD:CVE-2023-38484

HistorySep 06, 2023 - 6:15 p.m.

CVE-2023-38484

2023-09-0618:15:08

CWE-94

[email protected]

web.nvd.nist.gov

vulnerabilities

aruba

bios implementation

arbitrary code execution

system compromise

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.

Affected configurations

NVD

Node

arubanetworksarubaosRange8.6.0.0–8.6.0.22

arubanetworksarubaosRange8.10.0.0–8.10.0.7

arubanetworksarubaosRange8.11.0.0–8.11.1.1

arubanetworksarubaosRange10.4.0.0–10.4.0.2

AND

arubanetworks9004Match-

arubanetworks9004-lteMatch-

arubanetworks9012Match-

arubanetworks9240Match-

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-38484

cve1 cvelist1 prion1