NotCVE - vendor:"Hewlett Packard Enterprise (HPE)" product:"AOS-CX" version:" <= 10.13.1060"

Page 2 of 13 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

CVE-2022-23680

https://notcve.org/view.php?id=CVE-2022-23680

06 Sep 2022 — AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. AOS-CX carece de protecciones Anti-CSR... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0EPSS: 0%CPEs: 48EXPL: 0

CVE-2022-23684

https://notcve.org/view.php?id=CVE-2022-23684

06 Sep 2022 — A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

CVE-2022-23679

https://notcve.org/view.php?id=CVE-2022-23679

1 2