Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
CVE-2023-22751

9.8CRITICAL

Key Information:

Vendor: HP (HP)
Status: Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; Wlan Gateways And Sd-wan Gateways Managed By Aruba Central
Vendor: CVE Published:; 1 March 2023

What is CVE-2023-22751?

This vulnerability involves a stack-based buffer overflow in the Aruba Networks access point management protocol (PAPI) that could be exploited by sending specially crafted packets to the UDP port 8211. An attacker could leverage this vulnerability to execute arbitrary code on the affected devices with elevated privileges, thereby compromising the security of the underlying operating system. Remediation should be sought promptly given the implications of remote code execution.

Affected Version(s)

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 8.6.x.x: 8.6.0.19 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 8.10.x.x: 8.10.0.4 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Jan 6, 2023

Credit

Erik de Jong (bugcrowd.com/erikdejong)

JSON

HP (HP)

What is CVE-2023-22751?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit