CVE-2023-3718: Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
First published: Tue Aug 01 2023(Updated: )
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aruba Networks AOS-CX Firmware | >=10.10.0000<=10.10.1050 | |
| Aruba Networks AOS-CX Firmware | >=10.11.0000<=10.11.1010 | |
| HPE Aruba CX 10000-48Y6 | ||
| Aruba Networks CX 4100i | ||
| HPE Aruba CX 6000 | ||
| HPE Aruba CX 6000 | ||
| HPE Aruba CX 6000 | ||
| Aruba Networks CX 6100 | ||
| HPE Aruba CX 6200F 48G | ||
| Aruba CX 6200F | ||
| HPE Aruba CX 6200M | ||
| HPE Aruba CX 6200M 24G | ||
| HPE Aruba CX 6300M 24-port | ||
| Aruba CX 6300 | ||
| HPE Aruba CX 6405 | ||
| HPE Aruba CX 6410 | ||
| Aruba CX 8320 | ||
| Aruba CX 8320 | ||
| HPE Aruba 8325-32C | ||
| Aruba CX 8325 | ||
| Aruba CX 8360 | ||
| Aruba CX 8360 | ||
| HPE Aruba 8360-24XF2C | ||
| Aruba CX 8360 | ||
| Aruba CX 8360 | ||
| Aruba CX 8360 | ||
| HPE Aruba 8400X | ||
| HPE Aruba CX 9300-32D |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability?
The vulnerability ID for this command injection vulnerability is CVE-2023-3718.
What is the severity of CVE-2023-3718?
The severity of CVE-2023-3718 is high.
Which software is affected by CVE-2023-3718?
The affected software is Hpe Arubaos-cx versions 10.10.0000 to 10.10.1050 and 10.11.0000 to 10.11.1010.
How can the command injection vulnerability be exploited?
The command injection vulnerability can be exploited by executing arbitrary commands on the underlying operating system as a privileged user on the affected switch.
Is there a fix available for CVE-2023-3718?
Yes, it is recommended to update to a version of Hpe Arubaos-cx that is not vulnerable to this issue.
- collector/nvd-latest
- agent/author
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/hpe
- canonical/aruba networks aos-cx firmware
- version/aruba networks aos-cx firmware/10.10.0000
- version/aruba networks aos-cx firmware/10.10.1050
- version/aruba networks aos-cx firmware/10.11.0000
- version/aruba networks aos-cx firmware/10.11.1010
- canonical/hpe aruba cx 10000-48y6
- canonical/aruba networks cx 4100i
- canonical/hpe aruba cx 6000
- canonical/aruba networks cx 6100
- canonical/hpe aruba cx 6200f 48g
- canonical/aruba cx 6200f
- canonical/hpe aruba cx 6200m
- canonical/hpe aruba cx 6200m 24g
- canonical/hpe aruba cx 6300m 24-port
- canonical/aruba cx 6300
- canonical/hpe aruba cx 6405
- canonical/hpe aruba cx 6410
- canonical/aruba cx 8320
- canonical/hpe aruba 8325-32c
- canonical/aruba cx 8325
- canonical/aruba cx 8360
- canonical/hpe aruba 8360-24xf2c
- canonical/hpe aruba 8400x
- canonical/hpe aruba cx 9300-32d