VDB

CISA-2023-22776

CISA-2023-22776 PUBLISHED CVSS 4.9 MEDIUM

Reported by hpe · Published February 28, 2023

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

Risk Scores

CVSS 3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.6.x.x: 8.6.0.19 and below, ArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below
Hewlett Packard Enterprise (HPE)Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba CentralArubaOS 8.6.x.x: 8.6.0.19 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below

Timeline

  • Feb 28, 2023 CVE Published
  • Mar 7, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›