Home

Description

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

PUBLISHED Reserved 2023-07-17 | Published 2023-08-01 | Updated 2024-10-22 | Assigner hpe




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

AOS-CX 10.11.xxxx: 10.11.1010 and below
affected

AOS-CX 10.10.xxxx: 10.10.1050 and below
affected

Credits

Nick Starke of Aruba Threat Labs finder

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt

cve.org (CVE-2023-3718)

nvd.nist.gov (CVE-2023-3718)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.