CVE-2023-39267 - Vulnerability Details - OpenCVE

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Arubanetworks	Aruba 2530 Aruba 2530ya Aruba 2530yb Aruba 2540 Aruba 2920 Aruba 2930f Aruba 2930m Aruba 3810m Aruba 5406r Zl2 Aruba 5412r Zl2
Hpe	Arubaos-switch

Configuration 1 [-]

AND

OR	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::
	cpe:2.3:o:hpe:arubaos-switch::::::::

OR	cpe:2.3:h:arubanetworks:aruba_2530:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2530ya:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2530yb:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2540:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2920:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2930f:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_2930m:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_3810m:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:::::::*
	cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:::::::*

No data.

References

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt

History

Fri, 27 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-08-29T19:28:55.315Z

Updated: 2024-09-27T19:54:56.961Z

Reserved: 2023-07-26T15:52:27.843Z

Link: CVE-2023-39267

Vulnrichment

Updated: 2024-08-02T18:02:06.899Z

NVD

Status : Modified

Published: 2023-08-29T20:15:09.743

Modified: 2024-11-21T08:15:01.180

Link: CVE-2023-39267

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39267", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-07-26T15:52:27.843Z", "datePublished": "2023-08-29T19:28:55.315Z", "dateUpdated": "2024-09-27T19:54:56.961Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ArubaOS-Switch", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.09.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.07.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.06.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.05.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.03.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.02.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.01.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Lino Mirgeler of DTS Systeme GmbH"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<pre><pre>An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.</pre><br></pre>"}], "value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-08-29T19:28:55.315Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.899Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T19:41:36.720364Z", "id": "CVE-2023-39267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T19:54:56.961Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.899Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-27T19:41:36.720364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T19:54:47.784Z"}}], "cna": {"title": "Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Lino Mirgeler of DTS Systeme GmbH"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise", "product": "ArubaOS-Switch", "versions": [{"status": "affected", "version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.09.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.07.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.06.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.05.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."}, {"status": "affected", "version": "ArubaOS-Switch 16.03.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.02.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 16.01.xxxx: All versions."}, {"status": "affected", "version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."}], "defaultStatus": "affected"}], "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<pre><pre>An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.</pre><br></pre>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-08-29T19:28:55.315Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39267", "state": "PUBLISHED", "dateUpdated": "2024-09-27T19:54:56.961Z", "dateReserved": "2023-07-26T15:52:27.843Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2023-08-29T19:28:55.315Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD", "versionEndExcluding": "a.15.16.0026", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9", "versionEndExcluding": "16.04.0027", "versionStartIncluding": "16.01.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0", "versionEndExcluding": "16.08.0027", "versionStartIncluding": "16.05.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039", "versionEndExcluding": "16.10.0024", "versionStartIncluding": "16.10.0001", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4", "versionEndExcluding": "16.11.0013", "versionStartIncluding": "16.11.0001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada en la interfaz de l\u00ednea de comandos de ArubaOS-Switch. La explotaci\u00f3n exitosa da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el switch.\n"}], "id": "CVE-2023-39267", "lastModified": "2024-11-21T08:15:01.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-29T20:15:09.743", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}