CVSS: 9.0EPSS: 0%CPEs: 48EXPL: 0CVE-2022-23684
https://notcve.org/view.php?id=CVE-2022-23684
06 Sep 2022 — A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23679
https://notcve.org/view.php?id=CVE-2022-23679
06 Sep 2022 — AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. AOS-CX carece de protecciones Anti-CSR... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.2EPSS: 0%CPEs: 35EXPL: 0CVE-2021-29149
https://notcve.org/view.php?id=CVE-2021-29149
22 Jul 2021 — A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX dev... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2021-29148
https://notcve.org/view.php?id=CVE-2021-29148
22 Jul 2021 — A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devic... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 6%CPEs: 35EXPL: 0CVE-2021-29143
https://notcve.org/view.php?id=CVE-2021-29143
22 Jul 2021 — A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •