First published: Tue Aug 01 2023(Updated: )
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
Credit: security-alert@hpe.com security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hpe Arubaos-cx | >=10.10.0000<=10.10.1050 | |
Hpe Arubaos-cx | >=10.11.0000<=10.11.1010 | |
Hpe Aruba Cx 10000-48y6 | ||
Hpe Aruba Cx 4100i | ||
Hpe Aruba Cx 6000 12g | ||
Hpe Aruba Cx 6000 24g | ||
Hpe Aruba Cx 6000 48g | ||
Hpe Aruba Cx 6100 | ||
Hpe Aruba Cx 6200f | ||
Hpe Aruba Cx 6200f 48g | ||
Hpe Aruba Cx 6200m | ||
Hpe Aruba Cx 6200m 24g | ||
Hpe Aruba Cx 6300m 24p | ||
Hpe Aruba Cx 6300m 48g | ||
Hpe Aruba Cx 6405 | ||
Hpe Aruba Cx 6410 | ||
Hpe Aruba Cx 8320-32 | ||
Hpe Aruba Cx 8320-48p | ||
Hpe Aruba Cx 8325-32c | ||
Hpe Aruba Cx 8325-48y8c | ||
Hpe Aruba Cx 8360-12c | ||
Hpe Aruba Cx 8360-16y2c | ||
Hpe Aruba Cx 8360-24xf2c | ||
Hpe Aruba Cx 8360-32y4c | ||
Hpe Aruba Cx 8360-48xt4c | ||
Hpe Aruba Cx 8360-48y6c | ||
Hpe Aruba Cx 8400 | ||
Hpe Aruba Cx 9300 32d |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this command injection vulnerability is CVE-2023-3718.
The severity of CVE-2023-3718 is high.
The affected software is Hpe Arubaos-cx versions 10.10.0000 to 10.10.1050 and 10.11.0000 to 10.11.1010.
The command injection vulnerability can be exploited by executing arbitrary commands on the underlying operating system as a privileged user on the affected switch.
Yes, it is recommended to update to a version of Hpe Arubaos-cx that is not vulnerable to this issue.