CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23679
https://notcve.org/view.php?id=CVE-2022-23679
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. AOS-CX carece de protecciones Anti-CSRF en las operaciones de cambio de estado. Esto puede ser potencialmente explotado por un atacante para ejecutar comandos en el contexto de otro usuario en ArubaOS-CX Switches versión(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anterior. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.2EPSS: 0%CPEs: 35EXPL: 0CVE-2021-29149
https://notcve.org/view.php?id=CVE-2021-29149
A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. Se ha detectado una vulnerabilidad de omisión de restricciones de seguridad local en Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series, versiones: Aruba AOS-CX versiones de firmware: 10.04.xxxx - anteriores a 10.04.3070, versiones10.05.xxxx - anteriores a 10.05.0070, versiones 10.06.xxxx - anteriores a 10.06.0110, versiones 10.07.xxxx - anteriores a 10.07.0001. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX que solucionan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2021-29148
https://notcve.org/view.php?id=CVE-2021-29148
A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. Se ha detectado una vulnerabilidad local de tipo cross-site scripting (XSS) en Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series, versiones de firmware: Aruba AOS-CX : versiones 10.04.xxxx - anteriores a 10.04.3070, versiones 10.05.xxxx - anteriores a 10.05.0070, versiones 10.06.xxxx - anteriores a 10.06.0110, versiones 10.07.xxxx - anteriores a 10.07.0001. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX, que solucionan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 35EXPL: 0CVE-2021-29143
https://notcve.org/view.php?id=CVE-2021-29143
A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. Se ha detectado una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series, versiones de firmware: Aruba AOS-CX : versiones 10.04.xxxx - anteriores a 10.04.3070, versiones 10.05.xxxx - anteriores a 10.05.0070, versiones 10.06.xxxx - anteriores a 10.06.0110, versiones 10.07.xxxx - anteriores a 10.07.0001. Aruba ha publicado actualizaciones para los dispositivos Aruba AOS-CX, que solucionan esta vulnerabilidad de seguridad • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •