CVE-2022-23676

CVSS V2 High 9.3 CVSS V3 Critical 9.8
Description
A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.
Overview
  • CVE ID
  • CVE-2022-23676
  • Assigner
  • security-alert@hpe.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-05-10T19:15:09
  • Last Modified Date
  • 2022-05-25T17:23:34
Weakness Enumerations
CWE URL
CWE-787 http://cwe.mitre.org/data/definitions/787.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:5406r_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:5406r:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:3810m_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:3810m:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2920:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2930f_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2930f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2930m_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2930m:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2530:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2540_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2540:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:5412r_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:5412r:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2615_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2615:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2620_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2620:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 15.00.0 15.16.0023
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 16.01.0 16.02.0034
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 16.03.0 16.04.0024
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 16.05.0 16.08.0025
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 16.09.0 16.09.0020
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 16.10.0 16.10.0020
cpe:2.3:o:arubanetworks:2915_firmware:*:*:*:*:*:*:*:* 1 OR 16.11.0 16.11.0004
cpe:2.3:h:arubanetworks:2915:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-23676
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23676
History
Created Old Value New Value Data Type Notes
2022-05-10 20:00:23 Added to TrackCVE