CVE-2023-39268
First published: Tue Aug 29 2023(Updated: )
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Arubaos-switch | <a.15.16.0026 | |
| Hpe Arubaos-switch | >=16.01.0000<16.04.0027 | |
| Hpe Arubaos-switch | >=16.05.0000<16.08.0027 | |
| Hpe Arubaos-switch | >=16.10.0001<16.10.0024 | |
| Hpe Arubaos-switch | >=16.11.0001<16.11.0013 | |
| Arubanetworks Aruba 2530 | ||
| Arubanetworks Aruba 2530ya | ||
| Arubanetworks Aruba 2530yb | ||
| Arubanetworks Aruba 2540 | ||
| Arubanetworks Aruba 2920 | ||
| Arubanetworks Aruba 2930f | ||
| Arubanetworks Aruba 2930m | ||
| Arubanetworks Aruba 3810m | ||
| Arubanetworks Aruba 5406r Zl2 | ||
| Arubanetworks Aruba 5412r Zl2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-39268?
The severity of CVE-2023-39268 is critical with a score of 9.8.
How does the vulnerability in ArubaOS-Switch impact the system?
The vulnerability in ArubaOS-Switch can lead to unauthenticated remote code execution, allowing an attacker to execute arbitrary code as a privileged user on the underlying operating system.
What software versions are affected by CVE-2023-39268?
The affected software versions include Hpe Arubaos-switch up to but not including version a.15.16.0026, versions between 16.01.0000 and 16.04.0027, versions between 16.05.0000 and 16.08.0027, versions between 16.10.0001 and 16.10.0024, and versions between 16.11.0001 and 16.11.0013.
How can I fix the vulnerability in ArubaOS-Switch?
To fix the vulnerability in ArubaOS-Switch, it is recommended to upgrade to a version that is not vulnerable.
Where can I find more information about CVE-2023-39268?
More information about CVE-2023-39268 can be found at the following reference: [https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/hpe
- canonical/hpe arubaos-switch
- version/hpe arubaos-switch/16.01.0000
- version/hpe arubaos-switch/16.05.0000
- version/hpe arubaos-switch/16.10.0001
- version/hpe arubaos-switch/16.11.0001
- vendor/arubanetworks
- canonical/arubanetworks aruba 2530
- canonical/arubanetworks aruba 2530ya
- canonical/arubanetworks aruba 2530yb
- canonical/arubanetworks aruba 2540
- canonical/arubanetworks aruba 2920
- canonical/arubanetworks aruba 2930f
- canonical/arubanetworks aruba 2930m
- canonical/arubanetworks aruba 3810m
- canonical/arubanetworks aruba 5406r zl2
- canonical/arubanetworks aruba 5412r zl2