Multiple Aruba switches code execution | CVE-2022-23677
NAME
Multiple Aruba switches code execution
- Platforms Affected:
Aruba 5400R Series
Aruba 3810 Series
Aruba 2920 Series
Aruba 2930F Series
Aruba 2930M Series
Aruba 2530 Series
Aruba 2540 Series
- Risk Level: 9.8
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
Multiple Aruba switches could allow a remote attacker to execute arbitrary code on the system because of improper input validation by the NanoSSL library. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the switch.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Aruba switches, available from the Aruba Web site. See References.
- Reference Link: https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
- Reference Link: https://www.arubanetworks.com/