// For flags

CVE-2022-23683

 

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.

Se presentan vulnerabilidades de inyección de comandos autenticados en el motor de análisis de red AOS-CX por medio de scripts NAE. Una explotación con éxito de estas vulnerabilidades resulta en la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente, conllevando a un compromiso completo del switch que ejecuta AOS-CX en los Switches ArubaOS-CX versión(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1070 y anteriores, AOS-CX 10.06.xxxx: 10.06.0210 y anterior. Aruba ha publicado actualizaciones para ArubaOS-CX Switch Devices que abordan estas vulnerabilidades de seguridad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-09-06 CVE Published
  • 2024-03-29 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0220
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0220"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1080
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1080"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1040
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1040"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.10.0000 < 10.10.1000
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 < 10.10.1000"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe