1. Home
  2. CVE Database
  3. CVE-2023-3718
HIGH · 8.8

CVE-2023-3718

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the...

Vulnerability Description

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HpeArubaos-Cx>= 10.10.0000, <= 10.10.1050
HpeAruba Cx 10000-48Y6-
HpeAruba Cx 4100I-
HpeAruba Cx 6000 12G-
HpeAruba Cx 6000 24G-
HpeAruba Cx 6000 48G-
HpeAruba Cx 6100-
HpeAruba Cx 6200F-
HpeAruba Cx 6200F 48G-
HpeAruba Cx 6200M-
HpeAruba Cx 6200M 24G-
HpeAruba Cx 6300M 24P-
HpeAruba Cx 6300M 48G-
HpeAruba Cx 6405-
HpeAruba Cx 6410-
HpeAruba Cx 8320-32-
HpeAruba Cx 8320-48P-
HpeAruba Cx 8325-32C-
HpeAruba Cx 8325-48Y8C-
HpeAruba Cx 8360-12C-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2023-3718?

CVE-2023-3718 is a vulnerability with a CVSS score of 8.8 (HIGH). An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the...

How severe is CVE-2023-3718?

CVE-2023-3718 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3718?

Check the references section above for vendor advisories and patch information. Affected products include: Hpe Arubaos-Cx, Hpe Aruba Cx 10000-48Y6, Hpe Aruba Cx 4100I, Hpe Aruba Cx 6000 12G, Hpe Aruba Cx 6000 24G.