First published: Wed Jul 05 2023(Updated: )
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Arubaos | >=6.5.4.0<8.6.0.21 | |
Arubanetworks Arubaos | >=8.7.0.0<8.10.0.7 | |
Arubanetworks Arubaos | >=8.11.0.0<8.11.1.1 | |
Arubanetworks Arubaos | >=10.4.0.0<10.4.0.2 | |
Arubanetworks Mc-va-10 | ||
Arubanetworks Mc-va-1k | ||
Arubanetworks Mc-va-250 | ||
Arubanetworks Mc-va-50 | ||
Arubanetworks Mcr-va-10k | ||
Arubanetworks Mcr-va-1k | ||
Arubanetworks Mcr-va-50 | ||
Arubanetworks Mcr-va-500 | ||
Arubanetworks Mcr-va-5k | ||
Arubanetworks Sd-wan | ||
Arubanetworks Mcr-hw-10k | ||
Arubanetworks Mcr-hw-1k | ||
Arubanetworks Mcr-hw-5k |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-35975 is an authenticated path traversal vulnerability in the ArubaOS command line interface.
Successful exploitation of CVE-2023-35975 allows an attacker to delete arbitrary files in the underlying operating system.
ArubaOS versions from 6.5.4.0 to 8.6.0.21, from 8.7.0.0 to 8.10.0.7, from 8.11.0.0 to 8.11.1.1, and 10.4.0.0 to 10.4.0.2 are affected by CVE-2023-35975.
CVE-2023-35975 has a severity rating of 8.1 out of 10, classified as high.
Apply the necessary security patches provided by Aruba Networks as mentioned in the reference link.