Cross site request forgery (csrf)

2022-09-0618:15:00

PRIOn knowledge base

www.prio-n.com

aos-cx

anti-csrf

command execution

security vulnerability

arubaos-cx switches

upgrade

nvd

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

CPENameOperatorVersion
aos-cxge10.06.0000
aos-cxlt10.06.0210
aos-cxge10.08.0000
aos-cxlt10.08.1070
aos-cxge10.09.0000
aos-cxlt10.09.1030
aos-cxge10.10.0000
aos-cxlt10.10.1000
aos-cxge10.06.0000
aos-cxlt10.06.0210

Name	Operator	Version
aos-cx	ge	10.06.0000
aos-cx	lt	10.06.0210
aos-cx	ge	10.08.0000
aos-cx	lt	10.08.1070
aos-cx	ge	10.09.0000
aos-cx	lt	10.09.1030
aos-cx	ge	10.10.0000
aos-cx	lt	10.10.1000
aos-cx	ge	10.06.0000
aos-cx	lt	10.06.0210