Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface

CVE-2023-30504

8.8HIGH

Key Information

Vendor: HP
Status: Aruba EdgeConnect Enterprise Software
Vendor: CVE Published:; 16 May 2023

Summary

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Affected Version(s)

Aruba EdgeConnect Enterprise Software <= 9.2.3.0

Aruba EdgeConnect Enterprise Software <= ECOS 9.1.x.x

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 16, 2023
Vulnerability Reserved.
Apr 11, 2023

Collectors

NVD DatabaseMitre Database

Credit

Daniel Jensen (@dozernz)