VDB

CISA-2023-22755

CISA-2023-22755 PUBLISHED CVSS 8.1 HIGH

Reported by hpe · Published February 28, 2023

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below

Timeline

  • Feb 28, 2023 CVE Published
  • Mar 7, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›