CVE-2023-30507: Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface
First published: Tue May 16 2023(Updated: )
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| arubanetworks EdgeConnect enterprise | <=9.0.8.0 | |
| arubanetworks EdgeConnect enterprise | >=9.1.0.0<=9.1.5.0 | |
| arubanetworks EdgeConnect enterprise | >=9.2.0.0<=9.2.3.0 | |
| Aruba Networks EdgeConnect Enterprise | <=9.0.8.0 | |
| Aruba Networks EdgeConnect Enterprise | >=9.1.0.0<=9.1.5.0 | |
| Aruba Networks EdgeConnect Enterprise | >=9.2.0.0<=9.2.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-30507?
CVE-2023-30507 has a high severity rating due to the potential for unauthorized access to sensitive files.
How do I fix CVE-2023-30507?
To fix CVE-2023-30507, upgrade Aruba EdgeConnect Enterprise to the latest version that addresses the identified vulnerabilities.
What systems are affected by CVE-2023-30507?
CVE-2023-30507 affects Aruba EdgeConnect Enterprise versions up to and including 9.0.8.0, as well as certain 9.1.x and 9.2.x versions.
What are the consequences of exploiting CVE-2023-30507?
Exploiting CVE-2023-30507 could allow an attacker to read arbitrary files on the underlying operating system, potentially exposing sensitive data.
Is authentication required to exploit CVE-2023-30507?
Yes, CVE-2023-30507 can be exploited by authenticated users who have access to the command line interface.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/source
- agent/event
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect enterprise
- version/arubanetworks edgeconnect enterprise/9.0.8.0
- version/arubanetworks edgeconnect enterprise/9.1.0.0
- version/arubanetworks edgeconnect enterprise/9.1.5.0
- version/arubanetworks edgeconnect enterprise/9.2.0.0
- version/arubanetworks edgeconnect enterprise/9.2.3.0
- canonical/aruba networks edgeconnect enterprise
- version/aruba networks edgeconnect enterprise/9.0.8.0
- version/aruba networks edgeconnect enterprise/9.1.0.0
- version/aruba networks edgeconnect enterprise/9.1.5.0
- version/aruba networks edgeconnect enterprise/9.2.0.0
- version/aruba networks edgeconnect enterprise/9.2.3.0