CVE-2023-39266

Summary

A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.09.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.07.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.06.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.05.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.03.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.02.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.01.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below.affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References