CVE-2023-38486

HIGH

Aruba 9200/9000 - Privilege Escalation

Title source: llm

Description

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

References (1)

Core 1

Core References

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt

Scores

CVSS v3 7.7

EPSS 0.0001

EPSS Percentile 3.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (1)

arubanetworks/arubaos 8.6.0.0 - 8.6.0.22

Published Sep 06, 2023

Tracked Since Feb 18, 2026