// For flags

CVE-2022-23684

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Una vulnerabilidad en la interfaz de administración basada en web de AOS-CX podría permitir a un usuario remoto autenticado privilegiado de sólo lectura escalar sus permisos a los de un usuario administrativo. Una explotación con éxito de esta vulnerabilidad permite a un atacante escalar los privilegios más allá de su nivel autorizado en los Switches ArubaOS-CX versión(es): AOS-CX 10.09.xxxx: 10.09.1020 y anteriores, AOS-CX 10.08.xxxx: 10.08.1060 y anteriores, AOS-CX 10.06.xxxx: 10.06.0200 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-09-06 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 10000
Search vendor "Arubanetworks" for product "Cx 10000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8325
Search vendor "Arubanetworks" for product "Cx 8325"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8320
Search vendor "Arubanetworks" for product "Cx 8320"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 9300
Search vendor "Arubanetworks" for product "Cx 9300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8360
Search vendor "Arubanetworks" for product "Cx 8360"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6400
Search vendor "Arubanetworks" for product "Cx 6400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6300
Search vendor "Arubanetworks" for product "Cx 6300"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6200f
Search vendor "Arubanetworks" for product "Cx 6200f"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6100
Search vendor "Arubanetworks" for product "Cx 6100"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 6000
Search vendor "Arubanetworks" for product "Cx 6000"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 4100i
Search vendor "Arubanetworks" for product "Cx 4100i"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.06.0000 < 10.06.0210
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 < 10.06.0210"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.08.0000 < 10.08.1070
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 < 10.08.1070"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe
Arubanetworks
Search vendor "Arubanetworks"
Aos-cx
Search vendor "Arubanetworks" for product "Aos-cx"
>= 10.09.0000 < 10.09.1030
Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 < 10.09.1030"
-
Affected
in Arubanetworks
Search vendor "Arubanetworks"
Cx 8400
Search vendor "Arubanetworks" for product "Cx 8400"
--
Safe