First published: Tue Nov 14 2023(Updated: )
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|Affected Software||Affected Version||How to fix|
CVE-2023-45615 is a vulnerability in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI (Aruba's access point management protocol) UDP port (8211).
CVE-2023-45615 has a severity rating of 9.8 (Critical).
CVE-2023-45615 affects ArubaOS versions 10.3.0.0 to 10.4.0.3, and 10.5.0.0. It also affects HP InstantOS versions 126.96.36.199 to 188.8.131.52, 184.108.40.206 to 220.127.116.11, and 18.104.22.168 to 22.214.171.124.
CVE-2023-45615 can be exploited by sending specially crafted packets to the PAPI UDP port (8211) of the affected devices.
Yes, a fix for CVE-2023-45615 is available. Please refer to the vendor's advisory for the appropriate patch or update.