CVE-2022-23681
HIGHArubaOS-CX 10.06.0000-10.06.0180, 10.08.xxxx<=10.08.1030, 10.09.xxxx<=10.09.1030 - Authenticated OS Command Injection
Title source: llmDescription
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt
Scores
CVSS v3
7.8
EPSS
0.0061
EPSS Percentile
69.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
arubanetworks/aos-cx
10.06.0000 - 10.06.0220
Published
Sep 06, 2022
Tracked Since
Feb 18, 2026