CVE-2023-30504 - OpenCVE

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Arubanetworks	Edgeconnect Enterprise

Configuration 1 [-]

OR	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-05-16T18:51:43.801Z

Updated: 2023-07-07T14:30:20.990Z

Reserved: 2023-04-11T20:22:08.184Z

Link: CVE-2023-30504

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-16T19:15:09.693

Modified: 2023-07-07T15:15:09.620

Link: CVE-2023-30504

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30504", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-04-11T20:22:08.184Z", "datePublished": "2023-05-16T18:51:43.801Z", "dateUpdated": "2023-07-07T14:30:20.990Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba EdgeConnect Enterprise Software", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "9.2.3.0", "status": "affected", "version": "ECOS 9.2.x.x", "versionType": "custom"}, {"lessThanOrEqual": "all", "status": "affected", "version": "ECOS 9.1.x.x", "versionType": "custom"}, {"lessThanOrEqual": "9.0.8.0", "status": "affected", "version": "ECOS 9.0.x.x", "versionType": "custom"}, {"lessThanOrEqual": "all", "status": "affected", "version": "ECOS 8.x.x.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": " Daniel Jensen (@dozernz)"}], "datePublic": "2023-05-23T20:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."}], "value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-07-07T14:30:20.990Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743", "versionEndIncluding": "9.0.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B", "versionEndIncluding": "9.1.5.0", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154", "versionEndIncluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities exist in the Aruba EdgeConnect Enterprise\u00a0command line interface that allow remote authenticated users\u00a0to run arbitrary commands on the underlying host. Successful\u00a0exploitation of these vulnerabilities result in the ability\u00a0to execute arbitrary commands as root on the underlying\u00a0operating system leading to complete system compromise."}], "id": "CVE-2023-30504", "lastModified": "2023-07-07T15:15:09.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-05-16T19:15:09.693", "references": [{"source": "security-alert@hpe.com", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}