{ "id": "CVE-2023-39266", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-08-29T20:15:09.637", "lastModified": "2023-09-11T13:38:57.110", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface, provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de ArubaOS-Switch podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz, siempre que ciertas opciones de configuraci\u00f3n est\u00e9n presentes. Un exploit exitoso podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de la v\u00edctima en el contexto de la interfaz afectada." 
} ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 }, { "source": "security-alert@hpe.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.6, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99" }, { "vulnerable": false, "criteria": 
"cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "versionEndExcluding": "a.15.16.0026", "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.01.0000", "versionEndExcluding": "16.04.0027", "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.05.0000", "versionEndExcluding": "16.08.0027", "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.10.0001", "versionEndExcluding": "16.10.0024", "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039" }, { "vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0001", "versionEndExcluding": "16.11.0013", "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4" } ] } ] } ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", "source": "security-alert@hpe.com", "tags": [ "Vendor 
Advisory" ] } ] }