Main Vulnerability Database Vulnerabilities #VU66929

#VU66929 Improper Authentication in Aruba Networks products - CVE-2022-23691

Published: September 1, 2022

Vulnerability identifier: #VU66929

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-23691

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
AOS-CX 10000 Switch Series
AOS-CX 9300 Switch Series
AOS-CX 8325 Switch Series
AOS-CX 8320 Switch Series
ArubaOS-CX (AOS-CX)

Software vendor:
Aruba Networks

Description

The vulnerability allows an attacker to bypass authentication process.

The vulnerability exists due to an error, which allows an attacker with physical access to recovery console to bypass authentication process and gain unauthorized access to the device.

Remediation

Install updates from vendor's website.

External links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

#VU66929 Improper Authentication in Aruba Networks products - CVE-2022-23691

Description

Remediation

External links

Please verify you're human