fkie_nvd - fkie_cve-2023-35977

fkie_cve-2023-35977

Vulnerability from fkie_nvd

Published

2023-07-05 15:15

Modified

2024-11-21 08:09

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.

References

▶	URL	Tags
	security-alert@hpe.com	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	mc-va-10	-
arubanetworks	mc-va-1k	-
arubanetworks	mc-va-250	-
arubanetworks	mc-va-50	-
arubanetworks	mcr-va-10k	-
arubanetworks	mcr-va-1k	-
arubanetworks	mcr-va-50	-
arubanetworks	mcr-va-500	-
arubanetworks	mcr-va-5k	-
arubanetworks	sd-wan	-
arubanetworks	mcr-hw-10k	-
arubanetworks	mcr-hw-1k	-
arubanetworks	mcr-hw-5k	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
              "versionEndExcluding": "8.6.0.21",
              "versionStartIncluding": "6.5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
              "versionEndExcluding": "8.10.0.7",
              "versionStartIncluding": "8.7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
              "versionEndExcluding": "8.11.1.1",
              "versionStartIncluding": "8.11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
              "versionEndExcluding": "10.4.0.2",
              "versionStartIncluding": "10.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
    }
  ],
  "id": "CVE-2023-35977",
  "lastModified": "2024-11-21T08:09:05.807",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-05T15:15:09.720",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-35977 (GCVE-0-2023-35977)

Vulnerability from cvelistv5

Published

2023-07-05 14:47

Modified

2024-12-04 15:38

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

►

URL

Tags

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt