Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface

CVE-2023-30505

8.8HIGH

Key Information

Vendor
HP
Status
Aruba EdgeConnect Enterprise Software
Vendor
CVE Published:
16 May 2023

Summary

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Affected Version(s)

Aruba EdgeConnect Enterprise Software <= 9.2.3.0

Aruba EdgeConnect Enterprise Software <= 9.2.3.0

Aruba EdgeConnect Enterprise Software <= 9.1.5.0

Refferences

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Daniel Jensen (@dozernz)
.