Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways
CVE-2023-38484

8HIGH

Key Information:

Vendor
HP
Status
9200 Series Mobility Controllers And Sd-wan Gateways, 9000 Series Mobility Controllers And Sd-wan Gateways
Vendor
CVE Published:
6 September 2023

Summary

A vulnerability exists in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways, potentially enabling an attacker to execute arbitrary code during the early stages of the boot sequence. Successful exploitation of this vulnerability could grant the attacker access to and modification of sensitive information within the affected devices, posing a significant risk of complete system compromise.

Affected Version(s)

9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways ArubaOS 10.4.x.x

9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways ArubaOS 10.4.x.x

9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways ArubaOS 8.11.x.x

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nicholas Starke of Aruba Threat Labs
.