#VU66927 Input validation error in Aruba Networks Hardware solutions


Published: 2022-09-01

Vulnerability identifier: #VU66927

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23689

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AOS-CX 10000 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 9300 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8400 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8360 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8325 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8320 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6400 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6300 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6200F Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6100 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6000 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 4100i Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX
Hardware solutions / Firmware

Vendor: Aruba Networks

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing packets in LLDP service. A remote attacker can send specially crafted packets to the affected service and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AOS-CX 10000 Switch Series: All versions

AOS-CX 9300 Switch Series: All versions

AOS-CX 8400 Switch Series: All versions

AOS-CX 8360 Switch Series: All versions

AOS-CX 8325 Switch Series: All versions

AOS-CX 8320 Switch Series: All versions

AOS-CX 6400 Switch Series: All versions

AOS-CX 6300 Switch Series: All versions

AOS-CX 6200F Switch Series: All versions

AOS-CX 6100 Switch Series: All versions

AOS-CX 6000 Switch Series: All versions

AOS-CX 4100i Switch Series: All versions

External links
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Aruba AOS-CX switches