CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39268 – Memory Corruption Vulnerability in ArubaOS-Switch
https://notcve.org/view.php?id=CVE-2023-39268
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Una vulnerabilidad de corrupción de memoria en ArubaOS-Switch podría provocar la ejecución remota de código no autenticado al recibir paquetes especialmente manipulados. La explotación exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar código arbitrario como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39267 – Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface
https://notcve.org/view.php?id=CVE-2023-39267
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. Existe una vulnerabilidad de ejecución remota de código autenticada en la interfaz de línea de comandos de ArubaOS-Switch. La explotación exitosa da como resultado una condición de denegación de servicio (DoS) en el switch. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt •
CVSS: 8.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-39266 – Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch
https://notcve.org/view.php?id=CVE-2023-39266
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Una vulnerabilidad en la interfaz de administración web de ArubaOS-Switch podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz, siempre que ciertas opciones de configuración estén presentes. Un exploit exitoso podría permitir a un atacante ejecutar código de script arbitrario en el navegador de la víctima en el contexto de la interfaz afectada. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2021-25141
https://notcve.org/view.php?id=CVE-2021-25141
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability. Se ha identificado una vulnerabilidad de seguridad en determinado firmware del switch HPE y Aruba L2/L3. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us •