VDB

CISA-2023-22773

CISA-2023-22773 PUBLISHED CVSS 7.2 HIGH

Reported by hpe · Published February 28, 2023

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.6.x.x: 8.6.0.19 and below, ArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central*, ArubaOS 10.3.x.x: 10.3.1.0 and below, *

Timeline

  • Feb 28, 2023 CVE Published
  • Mar 7, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›