CVE-2023-22773

Summary

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.6.x.x: 8.6.0.19 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.10.x.x: 8.10.0.4 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 10.3.x.x: 10.3.1.0 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralSD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and belowaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References