CVSS: 9.0EPSS: 5%CPEs: 28EXPL: 0CVE-2023-3718 – Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2023-3718
01 Aug 2023 — An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de AOS-CX. La explotación exitosa... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 23EXPL: 0CVE-2023-1168 – Authenticated Remote Code Execution in Aruba CX Switches
https://notcve.org/view.php?id=CVE-2023-1168
21 Mar 2023 — An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •