CVE-2023-39268

Published Aug 29, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Source: security-alert@hpe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD",
            "versionEndExcluding": "a.15.16.0026"
          },
          {
            "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9",
            "versionEndExcluding": "16.04.0027",
            "versionStartIncluding": "16.01.0000"
          },
          {
            "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0",
            "versionEndExcluding": "16.08.0027",
            "versionStartIncluding": "16.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039",
            "versionEndExcluding": "16.10.0024",
            "versionStartIncluding": "16.10.0001"
          },
          {
            "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4",
            "versionEndExcluding": "16.11.0013",
            "versionStartIncluding": "16.11.0001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0"
          },
          {
            "criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References