CVE-2023-30504

Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line interface that allow remote authenticated usersto run arbitrary commands on the underlying host. Successfulexploitation of these vulnerabilities result in the abilityto execute arbitrary commands as root on the underlyingoperating system leading to complete system compromise.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
hpeCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
arubanetworksedgeconnect_enterprise
𝑥
≤ 9.0.8.0
arubanetworksedgeconnect_enterprise
9.1.0.0 ≤
𝑥
≤ 9.1.5.0
arubanetworksedgeconnect_enterprise
9.2.0.0 ≤
𝑥
≤ 9.2.3.0
𝑥
= Vulnerable software versions
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt