- 212/2023
- High
Aruba has released security updates to address multiple vulnerabilities affecting HPE Aruba Networking Switches.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause denial of service attacks, perform cross-site scripting (XSS) attacks, and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Unauthenticated Stored Cross-Site Scripting Vulnerability in ArubaOS-Switch(CVE-2023-39266):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface (CVE-2023-39267):
- CVSS: 6.6
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Aruba 2530, 2540, 2920, 3810 Series Switches.
- Aruba 2930F, 2930M, 5400R Series Switches.
Vulnerabilities
- CVE-2023-39266
- CVE-2023-39267
- CVE-2023-39268
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.