CVE-2023-39268: Memory Corruption Vulnerability in ArubaOS-Switch
First published: Tue Aug 29 2023(Updated: )
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ArubaOS-Switch | <a.15.16.0026 | |
| ArubaOS-Switch | >=16.01.0000<16.04.0027 | |
| ArubaOS-Switch | >=16.05.0000<16.08.0027 | |
| ArubaOS-Switch | >=16.10.0001<16.10.0024 | |
| ArubaOS-Switch | >=16.11.0001<16.11.0013 | |
| Aruba 2530 | ||
| Aruba 2530 | ||
| Aruba 2530 | ||
| Aruba 2540 | ||
| Aruba 2920 | ||
| Aruba 2930F | ||
| Aruba 2930M | ||
| Aruba 3810M | ||
| Aruba 5406R ZL2 Firmware | ||
| Aruba 5412R ZL2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-39268?
The severity of CVE-2023-39268 is critical with a score of 9.8.
How does the vulnerability in ArubaOS-Switch impact the system?
The vulnerability in ArubaOS-Switch can lead to unauthenticated remote code execution, allowing an attacker to execute arbitrary code as a privileged user on the underlying operating system.
What software versions are affected by CVE-2023-39268?
The affected software versions include Hpe Arubaos-switch up to but not including version a.15.16.0026, versions between 16.01.0000 and 16.04.0027, versions between 16.05.0000 and 16.08.0027, versions between 16.10.0001 and 16.10.0024, and versions between 16.11.0001 and 16.11.0013.
How can I fix the vulnerability in ArubaOS-Switch?
To fix the vulnerability in ArubaOS-Switch, it is recommended to upgrade to a version that is not vulnerable.
Where can I find more information about CVE-2023-39268?
More information about CVE-2023-39268 can be found at the following reference: [https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt).
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hpe
- canonical/arubaos-switch
- version/arubaos-switch/16.01.0000
- version/arubaos-switch/16.05.0000
- version/arubaos-switch/16.10.0001
- version/arubaos-switch/16.11.0001
- vendor/arubanetworks
- canonical/aruba 2530
- canonical/aruba 2540
- canonical/aruba 2920
- canonical/aruba 2930f
- canonical/aruba 2930m
- canonical/aruba 3810m
- canonical/aruba 5406r zl2 firmware
- canonical/aruba 5412r zl2