VDB
CISA-2023-22755
CISA-2023-22755
PUBLISHED
CVSS 8.1 HIGH
Reported by hpe · Published February 28, 2023
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Risk Scores
CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | ArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | ArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Timeline
- Feb 28, 2023 CVE Published
- Mar 7, 2025 CVE Updated