CVE-2022-23677

10.05.2022, 19:15

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
hpe	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
arubanetworks	5406r_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	5406r_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	5406r_firmware	16.03.0 ≤ 𝑥 < 16.04.0024
arubanetworks	5406r_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	5406r_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	5406r_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	5406r_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2920_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2920_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2920_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2920_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2920_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2920_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2920_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2930f_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2930f_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2930f_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2930f_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2930f_firmware	16.09.0 ≤ 𝑥 ≤ 16.09.0020
arubanetworks	2930f_firmware	16.10.0 ≤ 𝑥 ≤ 16.10.0020
arubanetworks	2930f_firmware	16.11.0 ≤ 𝑥 ≤ 16.11.0004
arubanetworks	2930m_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2930m_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2930m_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2930m_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2930m_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2930m_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2930m_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2530_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2530_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2530_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2530_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2530_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2530_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2530_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2540_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2540_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2540_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2540_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2540_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2540_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2540_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	5412r_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	5412r_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	5412r_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	5412r_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	5412r_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	5412r_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	5412r_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2615_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2615_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2615_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2615_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2615_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2615_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2615_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2620_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2620_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2620_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2620_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2620_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2620_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2620_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	2915_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	2915_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	2915_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	2915_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	2915_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	2915_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	2915_firmware	16.11.0 ≤ 𝑥 < 16.11.0004
arubanetworks	3810m_firmware	15.00.0 ≤ 𝑥 ≤ 15.16.0023
arubanetworks	3810m_firmware	16.01.0 ≤ 𝑥 < 16.02.0034
arubanetworks	3810m_firmware	16.03.0 ≤ 𝑥 ≤ 16.04.0024
arubanetworks	3810m_firmware	16.05.0 ≤ 𝑥 < 16.08.0025
arubanetworks	3810m_firmware	16.09.0 ≤ 𝑥 < 16.09.0020
arubanetworks	3810m_firmware	16.10.0 ≤ 𝑥 < 16.10.0020
arubanetworks	3810m_firmware	16.11.0 ≤ 𝑥 < 16.11.0004

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt