{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30509", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-04-11T20:22:08.185Z", "datePublished": "2023-05-16T18:55:05.306Z", "dateUpdated": "2023-07-07T14:31:12.085Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba EdgeConnect Enterprise Software", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "9.2.3.0", "status": "affected", "version": "ECOS 9.2.x.x", "versionType": "custom"}, {"lessThanOrEqual": "9.1.5.0", "status": "affected", "version": "ECOS 9.1.x.x", "versionType": "custom"}, {"lessThanOrEqual": "9.0.8.0", "status": "affected", "version": "ECOS 9.0.x.x", "versionType": "custom"}, {"lessThanOrEqual": "all", "status": "affected", "version": "ECOS 8.x.x.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": " Daniel Jensen (@dozernz)"}], "datePublic": "2023-05-23T20:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files."}], "value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-07-07T14:31:12.085Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743", "versionEndIncluding": "9.0.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B", "versionEndIncluding": "9.1.5.0", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154", "versionEndIncluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."}], "id": "CVE-2023-30509", "lastModified": "2023-07-07T15:15:10.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-05-16T19:15:10.067", "references": [{"source": "security-alert@hpe.com", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}