CVE-2022-23691

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Se presenta una vulnerabilidad en determinados modelos de switches AOS-CX que podría permitir a un atacante con acceso a la consola de recuperación omitir la autenticación normal. Una explotación con éxito permite a un atacante omitir la autenticación del sistema y lograr el compromiso total del switch en los Switches ArubaOS-CX versión(es): AOS-CX 10.10.xxxx: 10.10.0002 y anteriores, AOS-CX 10.09.xxxx: 10.09.1030 y anteriores, AOS-CX 10.08.xxxx: 10.08.1070 y anteriores, AOS-CX 10.06.xxxx: 10.06.0210 y anteriores. Aruba ha publicado actualizaciones para los dispositivos ArubaOS-CX Switches que abordan esta vulnerabilidad de seguridad.

*Credits: N/A

CVSS Scores

NISTv3.1 6.8

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-09-06 CVE Published
2024-03-29 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt	2023-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.06.0000 <= 10.06.0210 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 <= 10.06.0210"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 10000 Search vendor "Arubanetworks" for product "Cx 10000"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.08.0000 <= 10.08.1070 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 <= 10.08.1070"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 10000 Search vendor "Arubanetworks" for product "Cx 10000"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.09.0000 <= 10.09.1030 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 <= 10.09.1030"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 10000 Search vendor "Arubanetworks" for product "Cx 10000"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.10.0000 <= 10.10.0002 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 <= 10.10.0002"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 10000 Search vendor "Arubanetworks" for product "Cx 10000"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.06.0000 <= 10.06.0210 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 <= 10.06.0210"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8325 Search vendor "Arubanetworks" for product "Cx 8325"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.08.0000 <= 10.08.1070 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 <= 10.08.1070"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8325 Search vendor "Arubanetworks" for product "Cx 8325"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.09.0000 <= 10.09.1030 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 <= 10.09.1030"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8325 Search vendor "Arubanetworks" for product "Cx 8325"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.10.0000 <= 10.10.0002 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 <= 10.10.0002"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8325 Search vendor "Arubanetworks" for product "Cx 8325"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.06.0000 <= 10.06.0210 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 <= 10.06.0210"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8320 Search vendor "Arubanetworks" for product "Cx 8320"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.08.0000 <= 10.08.1070 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 <= 10.08.1070"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8320 Search vendor "Arubanetworks" for product "Cx 8320"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.09.0000 <= 10.09.1030 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 <= 10.09.1030"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8320 Search vendor "Arubanetworks" for product "Cx 8320"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.10.0000 <= 10.10.0002 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 <= 10.10.0002"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 8320 Search vendor "Arubanetworks" for product "Cx 8320"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.06.0000 <= 10.06.0210 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.06.0000 <= 10.06.0210"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 9300 Search vendor "Arubanetworks" for product "Cx 9300"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.08.0000 <= 10.08.1070 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.08.0000 <= 10.08.1070"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 9300 Search vendor "Arubanetworks" for product "Cx 9300"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.09.0000 <= 10.09.1030 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.09.0000 <= 10.09.1030"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 9300 Search vendor "Arubanetworks" for product "Cx 9300"	-	-	Safe
Arubanetworks Search vendor "Arubanetworks"	Aos-cx Search vendor "Arubanetworks" for product "Aos-cx"	>= 10.10.0000 <= 10.10.0002 Search vendor "Arubanetworks" for product "Aos-cx" and version " >= 10.10.0000 <= 10.10.0002"	-	Affected	in	Arubanetworks Search vendor "Arubanetworks"	Cx 9300 Search vendor "Arubanetworks" for product "Cx 9300"	-	-	Safe