// For flags

CVE-2022-23680

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

AOS-CX carece de protecciones Anti-CSRF en las operaciones de cambio de estado. Esto puede ser potencialmente explotado por un atacante para ejecutar comandos en el contexto de otro usuario en ArubaOS-CX Switches versiĆ³n(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anterior. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-09-06 CVE Published
  • 2024-03-29 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe