CVE-2023-39267

Summary

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.09.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.07.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.06.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.05.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.03.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.02.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 16.01.xxxx: All versions.affected
Hewlett Packard EnterpriseArubaOS-SwitchArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below.affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References