Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface

CVE-2023-35977

6.5MEDIUM

Key Information

Vendor: HP
Status: Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
Vendor: CVE Published:; 5 July 2023

Summary

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.

Affected Version(s)

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central <= - ArubaOS 10.4.x.x: 10.4.0.1 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central = - ArubaOS 10.4.x.x: 10.4.0.1 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central = - ArubaOS 8.11.x.x: 8.11.1.0 and below

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 5, 2023
Vulnerability Reserved.
Jun 20, 2023

Collectors

NVD DatabaseMitre Database

Credit

Erik de Jong (bugcrowd.com/erikdejong)