Authenticated Remote Code Execution in Aruba CX Switches
CVE-2023-1168
Summary
An authenticated remote code execution vulnerability has been identified in the AOS-CX Network Analytics Engine, allowing attackers to execute arbitrary code with privileged user permissions on the operating system. This exploitation can lead to a total compromise of the switch utilizing AOS-CX, increasing the risk of unauthorized access and control over the network infrastructure.
Affected Version(s)
Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series AOS-CX AOS-CX 10.10.xxxx: 10.10.1020 and below.
Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series AOS-CX AOS-CX 10.09.xxxx: 10.09.1020 and below.
Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch Series AOS-CX AOS-CX 10.08.xxxx: 10.08.1070 and below.
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved