#VU66928 Information disclosure in Aruba Networks Hardware solutions


Published: 2022-09-01

Vulnerability identifier: #VU66928

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23690

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AOS-CX 10000 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 9300 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8400 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8360 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8325 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 8320 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6400 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6300 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6200F Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6100 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 6000 Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX 4100i Switch Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
AOS-CX
Hardware solutions / Firmware

Vendor: Aruba Networks

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the web interface. A remote attacker can fingerprint the exact version of the installed firmware.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AOS-CX 10000 Switch Series: All versions

AOS-CX 9300 Switch Series: All versions

AOS-CX 8400 Switch Series: All versions

AOS-CX 8360 Switch Series: All versions

AOS-CX 8325 Switch Series: All versions

AOS-CX 8320 Switch Series: All versions

AOS-CX 6400 Switch Series: All versions

AOS-CX 6300 Switch Series: All versions

AOS-CX 6200F Switch Series: All versions

AOS-CX 6100 Switch Series: All versions

AOS-CX 6000 Switch Series: All versions

AOS-CX 4100i Switch Series: All versions

External links
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Aruba AOS-CX switches