CVE-2023-35973

Summary

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central- ArubaOS 10.4.x.x: 10.4.0.1 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central- ArubaOS 8.11.x.x: 8.11.1.0 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central- ArubaOS 8.10.x.x: 8.10.0.6 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central- ArubaOS 8.6.x.x: 8.6.0.20 and belowaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References