CVE-2023-35975 - OpenCVE

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Arubanetworks	Mcr-hw-5k Mcr-va-5k Arubaos Mc-va-50 Mc-va-10 Mcr-va-500 Mc-va-1k Mcr-va-10k Mcr-va-50 Mcr-hw-10k Mc-va-250 Mcr-hw-1k Sd-wan Mcr-va-1k

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

OR	cpe:2.3:a:arubanetworks:mc-va-10:-:::::::*
	cpe:2.3:a:arubanetworks:mc-va-1k:-:::::::*
	cpe:2.3:a:arubanetworks:mc-va-250:-:::::::*
	cpe:2.3:a:arubanetworks:mc-va-50:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-10k:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-1k:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-50:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-500:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-5k:-:::::::*
	cpe:2.3:a:arubanetworks:sd-wan:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-10k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-1k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-5k:-:::::::*

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-07-05T14:46:49.679Z

Updated: 2023-07-05T14:46:49.679Z

Reserved: 2023-06-20T18:41:22.737Z

Link: CVE-2023-35975

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-05T15:15:09.580

Modified: 2023-07-11T19:21:44.270

Link: CVE-2023-35975

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-35975", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-06-20T18:41:22.737Z", "datePublished": "2023-07-05T14:46:49.679Z", "dateUpdated": "2023-07-05T14:46:49.679Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"}, {"status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"}, {"status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"}, {"status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)"}], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system."}], "value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-07-05T14:46:49.679Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system."}], "id": "CVE-2023-35975", "lastModified": "2023-07-11T19:21:44.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-07-05T15:15:09.580", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}