OS Command Injection in Aruba Networks products - CVE-2023-1168

 


Published: March 21, 2023


Vulnerability identifier: #VU73905
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-1168
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Aruba Networks
Affected software:
Aruba CX 10000 Switch Series
Aruba CX 9300 Switch Series
Aruba CX 8400 Switch Series
Aruba CX 8360 Switch Series
Aruba CX 8325 Switch Series
Aruba CX 8320 Switch Series
Aruba CX 6400 Switch Series
Aruba CX 6300 Switch Series
Aruba CX 6200F Switch Series
ArubaOS-CX (AOS-CX)

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the AOS-CX Network Analytics Engine. A remote privileged user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.



How to mitigate CVE-2023-1168

Install updates from the vendor's website.

Sources