- 187/2023
- High
Write here description section (bold)Aruba has released a security update to fix a vulnerability in Aruba CX Switches.
The addressed vulnerability could allow the remote authenticated attacker to execute arbitrary commands as a privileged user and fully compromise the underlying operating system on the device running AOS-CX.
HPE Aruba Networking CX Switches Command Execution (CVE-2023 3718):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
The affected versions:
- Aruba CX 10000 Switch Series.
- Aruba CX 9300 Switch Series.
- Aruba CX (8400, 8360, 8325, 8320) Switch Series.
- Aruba CX (6400, 6300,6200, 6100) Switch Series.
- Aruba CX 4100i Switch Series.
- AOS-CX 10.11.xxxx: 10.11.1010 and below.
- AOS-CX 10.10.xxxx: 10.10.1050 and below.
Vulnerabilities
CVE-2023-3718
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.