CVE-2023-35979 - OpenCVE

There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Arubanetworks	Mcr-hw-5k Mcr-va-5k Arubaos Mc-va-50 Mc-va-10 Mcr-va-500 Mc-va-1k Mcr-va-10k Mcr-va-50 Mcr-hw-10k Mc-va-250 Mcr-hw-1k Sd-wan Mcr-va-1k

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

OR	cpe:2.3:a:arubanetworks:mc-va-10:-:::::::*
	cpe:2.3:a:arubanetworks:mc-va-1k:-:::::::*
	cpe:2.3:a:arubanetworks:mc-va-250:-:::::::*
	cpe:2.3:a:arubanetworks:mc-va-50:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-10k:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-1k:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-50:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-500:-:::::::*
	cpe:2.3:a:arubanetworks:mcr-va-5k:-:::::::*
	cpe:2.3:a:arubanetworks:sd-wan:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-10k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-1k:-:::::::*
	cpe:2.3:h:arubanetworks:mcr-hw-5k:-:::::::*

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-07-05T14:50:10.736Z

Updated: 2023-07-05T14:50:10.736Z

Reserved: 2023-06-20T18:41:22.738Z

Link: CVE-2023-35979

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-05T15:15:09.863

Modified: 2023-07-11T17:49:51.277

Link: CVE-2023-35979

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-35979", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-06-20T18:41:22.738Z", "datePublished": "2023-07-05T14:50:10.736Z", "dateUpdated": "2023-07-05T14:50:10.736Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"}, {"status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"}, {"status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"}, {"status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "the technical staff at Northwestern University"}], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller."}], "value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-07-05T14:50:10.736Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false}, {"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller."}], "id": "CVE-2023-35979", "lastModified": "2023-07-11T17:49:51.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-07-05T15:15:09.863", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}