CVSS: 3.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54010 – Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches
https://notcve.org/view.php?id=CVE-2024-54010
08 Jan 2025 — A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leadi... • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04772.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23688
https://notcve.org/view.php?id=CVE-2022-23688
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23689
https://notcve.org/view.php?id=CVE-2022-23689
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2022-23691
https://notcve.org/view.php?id=CVE-2022-23691
06 Sep 2022 — A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch D... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23690
https://notcve.org/view.php?id=CVE-2022-23690
06 Sep 2022 — A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has r... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23686
https://notcve.org/view.php?id=CVE-2022-23686
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23687
https://notcve.org/view.php?id=CVE-2022-23687
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23681
https://notcve.org/view.php?id=CVE-2022-23681
06 Sep 2022 — Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security v... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23682
https://notcve.org/view.php?id=CVE-2022-23682
06 Sep 2022 — Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security v... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23683
https://notcve.org/view.php?id=CVE-2022-23683
06 Sep 2022 — Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •