Code Injection in Aruba Networks products - CVE-2022-23677
Published: May 3, 2022
Vulnerability identifier: #VU62751
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-23677
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Aruba Networks
Affected software:
Aruba 5400R
Aruba 3810
Aruba 2920
Aruba 2930F
Aruba 2930M
Aruba 2530
Aruba 2540
Aruba 5400R
Aruba 3810
Aruba 2920
Aruba 2930F
Aruba 2930M
Aruba 2530
Aruba 2540
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the NanoSSL library. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2022-23677
Install updates from vendor's website.