CVE-2023-30509

Summary

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba EdgeConnect Enterprise SoftwareECOS 9.2.x.x <= 9.2.3.0affected
Hewlett Packard Enterprise (HPE)Aruba EdgeConnect Enterprise SoftwareECOS 9.1.x.x <= 9.1.5.0affected
Hewlett Packard Enterprise (HPE)Aruba EdgeConnect Enterprise SoftwareECOS 9.0.x.x <= 9.0.8.0affected
Hewlett Packard Enterprise (HPE)Aruba EdgeConnect Enterprise SoftwareECOS 8.x.x.x <= allaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References