CVE-2023-3718

Summary

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba CX SwitchesAOS-CX 10.11.xxxx: 10.11.1010 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba CX SwitchesAOS-CX 10.10.xxxx: 10.10.1050 and belowaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References