VDB
CISA-2023-22776
CISA-2023-22776
PUBLISHED
CVSS 4.9 MEDIUM
Reported by hpe · Published February 28, 2023
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
Risk Scores
CVSS 3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | ArubaOS 8.6.x.x: 8.6.0.19 and below, ArubaOS 8.10.x.x: 8.10.0.4 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below |
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | ArubaOS 8.6.x.x: 8.6.0.19 and below, ArubaOS 10.3.x.x: 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
Timeline
- Feb 28, 2023 CVE Published
- Mar 7, 2025 CVE Updated