VDB
CISA-2023-22773
CISA-2023-22773
PUBLISHED
CVSS 7.2 HIGH
Reported by hpe · Published February 28, 2023
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
Risk Scores
CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | ArubaOS 8.6.x.x: 8.6.0.19 and below, ArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below |
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | *, ArubaOS 10.3.x.x: 10.3.1.0 and below, * |
Timeline
- Feb 28, 2023 CVE Published
- Mar 7, 2025 CVE Updated