CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39268 – Memory Corruption Vulnerability in ArubaOS-Switch
https://notcve.org/view.php?id=CVE-2023-39268
29 Aug 2023 — A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Una vulnerabilidad de corrupción de memoria en ArubaOS-Switch podría provocar la ejecución remota de código no autenticado al recibir paquetes especialmente manipulados. La explotación exitosa de esta vulnerabilidad ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39267 – Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface
https://notcve.org/view.php?id=CVE-2023-39267
29 Aug 2023 — An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. Existe una vulnerabilidad de ejecución remota de código autenticada en la interfaz de línea de comandos de ArubaOS-Switch. La explotación exitosa da como resultado una condición de denegación de servicio (DoS) en el switch. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt •
CVSS: 8.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39266 – Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch
https://notcve.org/view.php?id=CVE-2023-39266
29 Aug 2023 — A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Una vulnerabilidad en la interfaz de administración web de ArubaOS-Switch podría permitir que un atacante remoto no autent... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •