CVSS: 3.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54010 – Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches
https://notcve.org/view.php?id=CVE-2024-54010
08 Jan 2025 — A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leadi... • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04772.txt • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23688
https://notcve.org/view.php?id=CVE-2022-23688
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23689
https://notcve.org/view.php?id=CVE-2022-23689
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23690
https://notcve.org/view.php?id=CVE-2022-23690
06 Sep 2022 — A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has r... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2022-23691
https://notcve.org/view.php?id=CVE-2022-23691
06 Sep 2022 — A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch D... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23686
https://notcve.org/view.php?id=CVE-2022-23686
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23687
https://notcve.org/view.php?id=CVE-2022-23687
06 Sep 2022 — Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulner... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23680
https://notcve.org/view.php?id=CVE-2022-23680
06 Sep 2022 — AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. AOS-CX carece de protecciones Anti-CSR... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23681
https://notcve.org/view.php?id=CVE-2022-23681
06 Sep 2022 — Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security v... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-23682
https://notcve.org/view.php?id=CVE-2022-23682
06 Sep 2022 — Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version(s): AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security v... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •