2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-23691" ,
"sourceIdentifier" : "security-alert@hpe.com" ,
"published" : "2022-09-06T18:15:11.390" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T06:49:06.793" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability."
} ,
{
"lang" : "es" ,
"value" : "Se presenta una vulnerabilidad en determinados modelos de switches AOS-CX que podr\u00eda permitir a un atacante con acceso a la consola de recuperaci\u00f3n omitir la autenticaci\u00f3n normal. Una explotaci\u00f3n con \u00e9xito permite a un atacante omitir la autenticaci\u00f3n del sistema y lograr el compromiso total del switch en los Switches ArubaOS-CX versi\u00f3n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1070 y anteriores, AOS-CX 10.06.xxxx: 10.06.0210 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.\n"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.8 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "PHYSICAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 0.9 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
2024-04-04 08:46:00 +00:00
"value" : "NVD-CWE-noinfo"
2023-04-24 12:24:31 +02:00
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.06.0000" ,
"versionEndIncluding" : "10.06.0210" ,
"matchCriteriaId" : "EDFA4485-2536-4A2F-8C9E-8D563D9154D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.08.0000" ,
"versionEndIncluding" : "10.08.1070" ,
"matchCriteriaId" : "1F08D076-E6F5-4168-825E-76ACA0381B6E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.09.0000" ,
"versionEndIncluding" : "10.09.1030" ,
"matchCriteriaId" : "08415D6F-9E00-4168-8FCD-70A97994F33F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.10.0000" ,
"versionEndIncluding" : "10.10.0002" ,
"matchCriteriaId" : "3153DF3A-4734-4A19-84DE-6CD94336B4D6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:arubanetworks:cx_10000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C7FDB8CF-F5C9-470E-B6B4-B541B9C8006B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.06.0000" ,
"versionEndIncluding" : "10.06.0210" ,
"matchCriteriaId" : "EDFA4485-2536-4A2F-8C9E-8D563D9154D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.08.0000" ,
"versionEndIncluding" : "10.08.1070" ,
"matchCriteriaId" : "1F08D076-E6F5-4168-825E-76ACA0381B6E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.09.0000" ,
"versionEndIncluding" : "10.09.1030" ,
"matchCriteriaId" : "08415D6F-9E00-4168-8FCD-70A97994F33F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.10.0000" ,
"versionEndIncluding" : "10.10.0002" ,
"matchCriteriaId" : "3153DF3A-4734-4A19-84DE-6CD94336B4D6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9645D616-077B-4313-B5EF-155B642CB073"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.06.0000" ,
"versionEndIncluding" : "10.06.0210" ,
"matchCriteriaId" : "EDFA4485-2536-4A2F-8C9E-8D563D9154D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.08.0000" ,
"versionEndIncluding" : "10.08.1070" ,
"matchCriteriaId" : "1F08D076-E6F5-4168-825E-76ACA0381B6E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.09.0000" ,
"versionEndIncluding" : "10.09.1030" ,
"matchCriteriaId" : "08415D6F-9E00-4168-8FCD-70A97994F33F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.10.0000" ,
"versionEndIncluding" : "10.10.0002" ,
"matchCriteriaId" : "3153DF3A-4734-4A19-84DE-6CD94336B4D6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.06.0000" ,
"versionEndIncluding" : "10.06.0210" ,
"matchCriteriaId" : "EDFA4485-2536-4A2F-8C9E-8D563D9154D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.08.0000" ,
"versionEndIncluding" : "10.08.1070" ,
"matchCriteriaId" : "1F08D076-E6F5-4168-825E-76ACA0381B6E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.09.0000" ,
"versionEndIncluding" : "10.09.1030" ,
"matchCriteriaId" : "08415D6F-9E00-4168-8FCD-70A97994F33F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:arubanetworks:aos-cx:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.10.0000" ,
"versionEndIncluding" : "10.10.0002" ,
"matchCriteriaId" : "3153DF3A-4734-4A19-84DE-6CD94336B4D6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:arubanetworks:cx_9300:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C173D28A-1B18-4BB6-8CF2-95AFC62338DD"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt" ,
"source" : "security-alert@hpe.com" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
