CVE-2023-38484

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
arubanetworksarubaos
8.6.0.0 ≤
𝑥
< 8.6.0.22
arubanetworksarubaos
8.10.0.0 ≤
𝑥
< 8.10.0.7
arubanetworksarubaos
8.11.0.0 ≤
𝑥
< 8.11.1.1
arubanetworksarubaos
10.4.0.0 ≤
𝑥
< 10.4.0.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
hewlett_packard_enterprise9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan
aruba-os-10.4.x.x ≤
𝑥
≤ 10.4.0.1
ADP
hewlett_packard_enterprise9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan
aruba-os-8.11.x.x ≤
𝑥
≤ 8.11.1.0
ADP
hewlett_packard_enterprise9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan
aruba-os-8.10.x.x ≤
𝑥
≤ 8.10.0.6
ADP
hewlett_packard_enterprise9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan
aruba-os-8.6.x.x ≤
𝑥
≤ 8.6.0.21
ADP
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt