CVE-2022-23677 — HIGH (8.1)

Q: How severe is CVE-2022-23677?

CVE-2022-23677 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-23677?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks 5406R Firmware, Arubanetworks 5406R, Arubanetworks 2920 Firmware, Arubanetworks 2920, Arubanetworks 2930F Firmware.

Vulnerability Description

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Arubanetworks	5406R Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	5406R	-
Arubanetworks	2920 Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2920	-
Arubanetworks	2930F Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2930F	-
Arubanetworks	2930M Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2930M	-
Arubanetworks	2530 Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2530	-
Arubanetworks	2540 Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2540	-
Arubanetworks	5412R Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	5412R	-
Arubanetworks	2615 Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2615	-
Arubanetworks	2620 Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2620	-
Arubanetworks	2915 Firmware	>= 15.00.0, <= 15.16.0023
Arubanetworks	2915	-

Related Weaknesses (CWE)

CWE-787

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txtVendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txtVendor Advisory

FAQ

What is CVE-2022-23677?

CVE-2022-23677 is a vulnerability with a CVSS score of 8.1 (HIGH). A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch...

How severe is CVE-2022-23677?

CVE-2022-23677 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23677?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks 5406R Firmware, Arubanetworks 5406R, Arubanetworks 2920 Firmware, Arubanetworks 2920, Arubanetworks 2930F Firmware.