CVE-2022-23676 - Vulnerability Details

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arubanetworks	2530 2530 Firmware 2540 2540 Firmware 2615 2615 Firmware 2620 2620 Firmware 2915 2915 Firmware 2920 2920 Firmware 2930f 2930f Firmware 2930m 2930m Firmware 3810m 3810m Firmware 5406r 5406r Firmware 5412r 5412r Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::
	cpe:2.3:o:arubanetworks:5406r_firmware::::::::

cpe:2.3:h:arubanetworks:5406r:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::
	cpe:2.3:o:arubanetworks:3810m_firmware::::::::

cpe:2.3:h:arubanetworks:3810m:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::
	cpe:2.3:o:arubanetworks:2920_firmware::::::::

cpe:2.3:h:arubanetworks:2920:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::
	cpe:2.3:o:arubanetworks:2930f_firmware::::::::

cpe:2.3:h:arubanetworks:2930f:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::
	cpe:2.3:o:arubanetworks:2930m_firmware::::::::

cpe:2.3:h:arubanetworks:2930m:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::
	cpe:2.3:o:arubanetworks:2530_firmware::::::::

cpe:2.3:h:arubanetworks:2530:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::
	cpe:2.3:o:arubanetworks:2540_firmware::::::::

cpe:2.3:h:arubanetworks:2540:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::
	cpe:2.3:o:arubanetworks:5412r_firmware::::::::

cpe:2.3:h:arubanetworks:5412r:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::
	cpe:2.3:o:arubanetworks:2615_firmware::::::::

cpe:2.3:h:arubanetworks:2615:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::
	cpe:2.3:o:arubanetworks:2620_firmware::::::::

cpe:2.3:h:arubanetworks:2620:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::
	cpe:2.3:o:arubanetworks:2915_firmware::::::::

cpe:2.3:h:arubanetworks:2915:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-05-10T18:10:31

Updated: 2024-08-03T03:51:45.560Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23676

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-10T19:15:09.160

Modified: 2024-11-21T06:49:04.487

Link: CVE-2022-23676

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object