CVE-2022-23677

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-05-2022 09:15

Last modified: - 25-05-2022 07:26

Total changes: - 3

Description

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

High

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

8.1

Base score

2.2

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=arubanetworks AND product=5406r_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=5406r_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=5406r_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=5406r_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=5406r_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=5406r_firmware AND versionStartIncluding=16.03.0 AND versionEndExcluding=16.04.0024

vendor=arubanetworks AND product=5406r_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=5406r AND version=-

AND

vendor=arubanetworks AND product=2920_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2920_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2920_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2920_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2920_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2920_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2920_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2920 AND version=-

AND

vendor=arubanetworks AND product=2930f_firmware AND versionEndIncluding=16.09.0020 AND versionStartIncluding=16.09.0

vendor=arubanetworks AND product=2930f_firmware AND versionEndIncluding=16.10.0020 AND versionStartIncluding=16.10.0

vendor=arubanetworks AND product=2930f_firmware AND versionEndIncluding=16.11.0004 AND versionStartIncluding=16.11.0

vendor=arubanetworks AND product=2930f_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2930f_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2930f_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2930f_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2930f AND version=-

AND

vendor=arubanetworks AND product=2930m_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2930m_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2930m_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2930m_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2930m_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2930m_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2930m_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2930m AND version=-

AND

vendor=arubanetworks AND product=2530_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2530_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2530_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2530_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2530_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2530_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2530_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2530 AND version=-

AND

vendor=arubanetworks AND product=2540_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2540_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2540_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2540_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2540_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2540_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2540_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2540 AND version=-

AND

vendor=arubanetworks AND product=5412r_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=5412r_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=5412r_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=5412r_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=5412r_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=5412r_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=5412r_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=5412r AND version=-

AND

vendor=arubanetworks AND product=2615_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2615_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2615_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2615_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2615_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2615_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2615_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2615 AND version=-

AND

vendor=arubanetworks AND product=2620_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2620_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2620_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2620_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2620_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2620_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2620_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2620 AND version=-

AND

vendor=arubanetworks AND product=2915_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=2915_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=2915_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=2915_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=2915_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=2915_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=2915_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=2915 AND version=-

AND

vendor=arubanetworks AND product=3810m_firmware AND versionEndIncluding=15.16.0023 AND versionStartIncluding=15.00.0

vendor=arubanetworks AND product=3810m_firmware AND versionStartIncluding=16.01.0 AND versionEndExcluding=16.02.0034

vendor=arubanetworks AND product=3810m_firmware AND versionEndIncluding=16.04.0024 AND versionStartIncluding=16.03.0

vendor=arubanetworks AND product=3810m_firmware AND versionStartIncluding=16.05.0 AND versionEndExcluding=16.08.0025

vendor=arubanetworks AND product=3810m_firmware AND versionStartIncluding=16.09.0 AND versionEndExcluding=16.09.0020

vendor=arubanetworks AND product=3810m_firmware AND versionStartIncluding=16.10.0 AND versionEndExcluding=16.10.0020

vendor=arubanetworks AND product=3810m_firmware AND versionStartIncluding=16.11.0 AND versionEndExcluding=16.11.0004

vendor=arubanetworks AND product=3810m AND version=-

Reference

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt

Keywords

CVE-2022-23677

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-23677

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures