Multiple Aruba switches buffer overflow | CVE-2022-23676
NAME
Multiple Aruba switches buffer overflow
- Platforms Affected:
  Aruba 5400R Series
  Aruba 3810 Series
  Aruba 2920 Series
  Aruba 2930F Series
  Aruba 2930M Series
  Aruba 2530 Series
  Aruba 2540 Series
- Risk Level: 8.8
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
Multiple Aruba switches are vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the RADIUS client implementation. By sending specially-crafted data, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the switch.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Aruba switches, available from the Aruba Web site. See References.
- Reference Link: https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
- Reference Link: https://www.arubanetworks.com/