A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hpe
Published: 2022-09-06T17:18:55
Updated: 2022-09-06T17:18:55
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23691
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-06T18:15:11.390
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-23691
JSON object: View
Redhat Information
No data.
CWE