An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Arubanetworks
  • 9004
  • 7210
  • Mcr-va-10k
  • Mcr-va-50
  • 9004-lte
  • 7205
  • Mcr-hw-1k
  • Mc-va-50
  • Mc-va-1k
  • 7010
  • 7280
  • 9012
  • Arubaos
  • Mc-va-250
  • Sd-wan
  • Mcr-hw-5k
  • Mcr-va-5k
  • 7220
  • Mc-va-10
  • Mcr-va-500
  • 7240xm
  • Mcr-hw-10k
  • 7030
  • Mcr-va-1k

Configuration 1 [-]

AND
OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*
References
Link Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-02-28T17:02:51.772Z

Updated: 2023-03-01T05:45:13.020935Z

Reserved: 2023-01-06T15:24:20.509Z

Link: CVE-2023-22776

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-03-01T08:15:14.473

Modified: 2023-11-07T04:07:24.517

Link: CVE-2023-22776

JSON object: View

cve-icon Redhat Information

No data.

CWE