CVE-2023-3718: Command Injection
First published: Tue Aug 01 2023(Updated: )
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Arubaos-cx | >=10.10.0000<=10.10.1050 | |
| Hpe Arubaos-cx | >=10.11.0000<=10.11.1010 | |
| Hpe Aruba Cx 10000-48y6 | ||
| Hpe Aruba Cx 4100i | ||
| Hpe Aruba Cx 6000 12g | ||
| Hpe Aruba Cx 6000 24g | ||
| Hpe Aruba Cx 6000 48g | ||
| Hpe Aruba Cx 6100 | ||
| Hpe Aruba Cx 6200f | ||
| Hpe Aruba Cx 6200f 48g | ||
| Hpe Aruba Cx 6200m | ||
| Hpe Aruba Cx 6200m 24g | ||
| Hpe Aruba Cx 6300m 24p | ||
| Hpe Aruba Cx 6300m 48g | ||
| Hpe Aruba Cx 6405 | ||
| Hpe Aruba Cx 6410 | ||
| Hpe Aruba Cx 8320-32 | ||
| Hpe Aruba Cx 8320-48p | ||
| Hpe Aruba Cx 8325-32c | ||
| Hpe Aruba Cx 8325-48y8c | ||
| Hpe Aruba Cx 8360-12c | ||
| Hpe Aruba Cx 8360-16y2c | ||
| Hpe Aruba Cx 8360-24xf2c | ||
| Hpe Aruba Cx 8360-32y4c | ||
| Hpe Aruba Cx 8360-48xt4c | ||
| Hpe Aruba Cx 8360-48y6c | ||
| Hpe Aruba Cx 8400 | ||
| Hpe Aruba Cx 9300 32d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability?
The vulnerability ID for this command injection vulnerability is CVE-2023-3718.
What is the severity of CVE-2023-3718?
The severity of CVE-2023-3718 is high.
Which software is affected by CVE-2023-3718?
The affected software is Hpe Arubaos-cx versions 10.10.0000 to 10.10.1050 and 10.11.0000 to 10.11.1010.
How can the command injection vulnerability be exploited?
The command injection vulnerability can be exploited by executing arbitrary commands on the underlying operating system as a privileged user on the affected switch.
Is there a fix available for CVE-2023-3718?
Yes, it is recommended to update to a version of Hpe Arubaos-cx that is not vulnerable to this issue.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/hpe
- canonical/hpe arubaos-cx
- version/hpe arubaos-cx/10.10.0000
- version/hpe arubaos-cx/10.10.1050
- version/hpe arubaos-cx/10.11.0000
- version/hpe arubaos-cx/10.11.1010
- canonical/hpe aruba cx 10000-48y6
- canonical/hpe aruba cx 4100i
- canonical/hpe aruba cx 6000 12g
- canonical/hpe aruba cx 6000 24g
- canonical/hpe aruba cx 6000 48g
- canonical/hpe aruba cx 6100
- canonical/hpe aruba cx 6200f
- canonical/hpe aruba cx 6200f 48g
- canonical/hpe aruba cx 6200m
- canonical/hpe aruba cx 6200m 24g
- canonical/hpe aruba cx 6300m 24p
- canonical/hpe aruba cx 6300m 48g
- canonical/hpe aruba cx 6405
- canonical/hpe aruba cx 6410
- canonical/hpe aruba cx 8320-32
- canonical/hpe aruba cx 8320-48p
- canonical/hpe aruba cx 8325-32c
- canonical/hpe aruba cx 8325-48y8c
- canonical/hpe aruba cx 8360-12c
- canonical/hpe aruba cx 8360-16y2c
- canonical/hpe aruba cx 8360-24xf2c
- canonical/hpe aruba cx 8360-32y4c
- canonical/hpe aruba cx 8360-48xt4c
- canonical/hpe aruba cx 8360-48y6c
- canonical/hpe aruba cx 8400
- canonical/hpe aruba cx 9300 32d