Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface
CVE-2023-39267

6.6MEDIUM

Key Information:

Vendor: HP
Status: Arubaos-switch
Vendor: CVE Published:; 29 August 2023

Badges

📰 News Worthy

Summary

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

Affected Version(s)

ArubaOS-Switch ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.

ArubaOS-Switch ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.

News Articles

GBHackers News

CVE-2023-39266 CVE-2023-39267

Multiple Flaws in ArubaOS Switches Let Attackers Execute Remote Code

Multiple vulnerabilities have been identified in ArubaOS-Switch Switches, specifically pertaining to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption. Aruba has taken measures to mitigate these vulnerabilities and has subsequently published a security advisory...

5 months ago

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by GBHackers News
Sep 2, 2024
Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Jul 26, 2023

Credit

Lino Mirgeler of DTS Systeme GmbH

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Multiple Flaws in ArubaOS Switches Let Attackers Execute Remote Code

References

CVSS V3.1

Timeline

Credit