First published: Wed Mar 01 2023(Updated: )
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Arubaos | >=8.6.0.0<=8.6.0.19 | |
Arubanetworks Arubaos | >=8.10.0.0<=8.10.0.4 | |
Arubanetworks Arubaos | >=10.3.0.0<=10.3.1.0 | |
Arubanetworks 7010 | ||
Arubanetworks 7030 | ||
Arubanetworks 7205 | ||
Arubanetworks 7210 | ||
Arubanetworks 7220 | ||
Arubanetworks 7240xm | ||
Arubanetworks 7280 | ||
Arubanetworks 9004 | ||
Arubanetworks 9004-lte | ||
Arubanetworks 9012 | ||
Arubanetworks Mc-va-10 | ||
Arubanetworks Mc-va-1k | ||
Arubanetworks Mc-va-250 | ||
Arubanetworks Mc-va-50 | ||
Arubanetworks Mcr-hw-10k | ||
Arubanetworks Mcr-hw-1k | ||
Arubanetworks Mcr-hw-5k | ||
Arubanetworks Mcr-va-10k | ||
Arubanetworks Mcr-va-1k | ||
Arubanetworks Mcr-va-50 | ||
Arubanetworks Mcr-va-500 | ||
Arubanetworks Mcr-va-5k | ||
Arubanetworks Sd-wan | >=8.7.0.0-2.3.0.0<=8.7.0.0-2.3.0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-22774 is an authenticated path traversal vulnerability in the ArubaOS command line interface.
The severity of CVE-2023-22774 is high, with a CVSS score of 6.5.
Successful exploitation of CVE-2023-22774 allows an attacker with authenticated access to delete arbitrary files in the underlying operating system.
ArubaOS versions 8.6.0.0 to 8.6.0.19, 8.10.0.0 to 8.10.0.4, and 10.3.0.0 to 10.3.1.0 are affected by CVE-2023-22774.
To fix CVE-2023-22774, it is recommended to upgrade ArubaOS to a version that is not vulnerable.