CVE-2022-23691

Severity Score (CVSS v3.1): 6.8
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-09-06 CVE Published
  • 2024-08-03 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
Arubanetworks | Aos-cx | >= 10.06.0000 <= 10.06.0210 | - | Affected | in | Arubanetworks | Cx 10000 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.08.0000 <= 10.08.1070 | - | Affected | in | Arubanetworks | Cx 10000 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.09.0000 <= 10.09.1030 | - | Affected | in | Arubanetworks | Cx 10000 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.10.0000 <= 10.10.0002 | - | Affected | in | Arubanetworks | Cx 10000 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.06.0000 <= 10.06.0210 | - | Affected | in | Arubanetworks | Cx 8325 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.08.0000 <= 10.08.1070 | - | Affected | in | Arubanetworks | Cx 8325 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.09.0000 <= 10.09.1030 | - | Affected | in | Arubanetworks | Cx 8325 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.10.0000 <= 10.10.0002 | - | Affected | in | Arubanetworks | Cx 8325 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.06.0000 <= 10.06.0210 | - | Affected | in | Arubanetworks | Cx 8320 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.08.0000 <= 10.08.1070 | - | Affected | in | Arubanetworks | Cx 8320 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.09.0000 <= 10.09.1030 | - | Affected | in | Arubanetworks | Cx 8320 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.10.0000 <= 10.10.0002 | - | Affected | in | Arubanetworks | Cx 8320 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.06.0000 <= 10.06.0210 | - | Affected | in | Arubanetworks | Cx 9300 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.08.0000 <= 10.08.1070 | - | Affected | in | Arubanetworks | Cx 9300 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.09.0000 <= 10.09.1030 | - | Affected | in | Arubanetworks | Cx 9300 | - | - | Safe
Arubanetworks | Aos-cx | >= 10.10.0000 <= 10.10.0002 | - | Affected | in | Arubanetworks | Cx 9300 | - | - | Safe