#VU66929 Improper Authentication in Aruba Networks Hardware solutions


Published: 2022-09-01

Vulnerability identifier: #VU66929

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23691

CWE-ID: CWE-287

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
AOS-CX 10000 Switch Series (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AOS-CX 9300 Switch Series (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AOS-CX 8325 Switch Series (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AOS-CX 8320 Switch Series (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AOS-CX (Hardware solutions / Firmware)

Vendor: Aruba Networks

Description

The vulnerability allows an attacker to bypass the authentication process.

The vulnerability exists due to an error that allows an attacker with physical access to the recovery console to bypass the authentication process and gain unauthorized access to the device.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

AOS-CX 10000 Switch Series: All versions

AOS-CX 9300 Switch Series: All versions

AOS-CX 8325 Switch Series: All versions

AOS-CX 8320 Switch Series: All versions


External links
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

