ArubaOS CLI Authenticated Cmd Injection Vulnerability: CVE-2023-22768 March 2023

ArubaOS CLI Authenticated Cmd Injection Vulnerability
CVE-2023-22768 Published on March 1, 2023

Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Vulnerability Analysis

CVE-2023-22768 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2023-22768

Want to know whenever a new CVE is published for Aruba Networks Sd Wan? stack.watch will email you.

Aruba Networks Sd Wan

Affected Versions

Version ArubaOS 8.6.x.x: 8.6.0.19 and below is affected.

Version ArubaOS 8.10.x.x: 8.10.0.4 and below is affected.

Version ArubaOS 10.3.x.x: 10.3.1.0 and below is affected.

Version SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below is affected.

Exploit Probability

EPSS

0.90%

Percentile

75.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

ArubaOS CLI Authenticated Cmd Injection VulnerabilityCVE-2023-22768 Published on March 1, 2023

Vulnerability Analysis

Products Associated with CVE-2023-22768

Affected Versions

Exploit Probability

ArubaOS CLI Authenticated Cmd Injection Vulnerability
CVE-2023-22768 Published on March 1, 2023