CVE-2023-22788: Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
First published: Mon May 08 2023(Updated: )
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Arubaos | >=10.3.0.0<=10.3.1.0 | |
| Hp Instantos | >=6.4.0.0<=6.4.4.8-4.2.4.20 | |
| Hp Instantos | >=6.5.0.0<=6.5.4.23 | |
| Hp Instantos | >=8.4.0.0<8.6.0.0 | |
| Hp Instantos | >=8.6.0.0<=8.6.0.19 | |
| Hp Instantos | >=8.7.0.0<=8.9.0.0 | |
| Hp Instantos | >=8.10.0.0<=8.10.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-22788?
CVE-2023-22788 is a vulnerability that allows authenticated users to execute arbitrary commands on the underlying operating system of Aruba InstantOS and ArubaOS 10.
How does CVE-2023-22788 affect Aruba InstantOS?
CVE-2023-22788 affects Aruba InstantOS versions between 6.4.0.0 and 6.4.4.8-4.2.4.20, versions between 6.5.0.0 and 6.5.4.23, versions between 8.4.0.0 and 8.6.0.0, versions between 8.6.0.0 and 8.6.0.19, versions between 8.7.0.0 and 8.9.0.0, and versions between 8.10.0.0 and 8.10.0.4.
How does CVE-2023-22788 affect ArubaOS 10?
CVE-2023-22788 affects ArubaOS 10 versions between 10.3.0.0 and 10.3.1.0.
What is the severity of CVE-2023-22788?
CVE-2023-22788 has a severity score of 8.8 (high).
How can I fix CVE-2023-22788?
To fix CVE-2023-22788, it is recommended to update Aruba InstantOS to a version that is not affected by the vulnerability.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/source
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/arubanetworks
- canonical/arubanetworks arubaos
- version/arubanetworks arubaos/10.3.0.0
- version/arubanetworks arubaos/10.3.1.0
- vendor/hp
- canonical/hp instantos
- version/hp instantos/6.4.0.0
- version/hp instantos/6.4.4.8-4.2.4.20
- version/hp instantos/6.5.0.0
- version/hp instantos/6.5.4.23
- version/hp instantos/8.4.0.0
- version/hp instantos/8.6.0.0
- version/hp instantos/8.6.0.19
- version/hp instantos/8.7.0.0
- version/hp instantos/8.9.0.0
- version/hp instantos/8.10.0.0
- version/hp instantos/8.10.0.4