CVSS: 9.0EPSS: 5%CPEs: 28EXPL: 0CVE-2023-3718 – Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2023-3718
01 Aug 2023 — An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de AOS-CX. La explotación exitosa... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 23EXPL: 0CVE-2023-1168 – Authenticated Remote Code Execution in Aruba CX Switches
https://notcve.org/view.php?id=CVE-2023-1168
21 Mar 2023 — An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2021-41003
https://notcve.org/view.php?id=CVE-2021-41003
02 Mar 2022 — Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt •
CVSS: 8.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-41002
https://notcve.org/view.php?id=CVE-2021-41002
02 Mar 2022 — Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 2%CPEs: 17EXPL: 0CVE-2021-41000
https://notcve.org/view.php?id=CVE-2021-41000
02 Mar 2022 — Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 2%CPEs: 17EXPL: 0CVE-2021-41001
https://notcve.org/view.php?id=CVE-2021-41001
02 Mar 2022 — An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this se... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •