Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for Aruba Access Points running InstantOS and ArubaOS 10 by Hewlett Packard Enterprise (HPE)

    CVE-2023-35982 (GCVE-0-2023-35982)

    Vulnerability from nvd – Published: 2023-07-25 18:28 – Updated: 2024-11-07 18:11
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: ArubaOS 10.4.x.x: 10.4.0.1 and below
    Affected: InstantOS 8.11.x.x: 8.11.1.0 and below
    Affected: InstantOS 8.10.x.x: 8.10.0.6 and below
    Affected: InstantOS 8.6.x.x: 8.6.0.20 and below
    Affected: InstantOS 6.5.x.x: 6.5.4.24 and below
    Affected: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
    Create a notification for this product.
    hpe arba_access_points_running_instantos_and_arubaos_10 Affected: arubaos_10.4.x.x , < 10.4.0.1 (custom)
    Affected: instantos_8.11.x.x , < 8.11.1.0 (custom)
    Affected: instantos_8.10xx , < 8.10.0.6 (custom)
    Affected: instantos_8.6.x.x , < 8.6.0.20 (custom)
    Affected: instantos_6.5.x.x , < 6.5.4.24 (custom)
    Affected: instantos_6.4.x.x , < 6.4.4.8 (custom)
    Affected: 0 , < 4.2.4.21 (custom)
        cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:41.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arba_access_points_running_instantos_and_arubaos_10",
                "vendor": "hpe",
                "versions": [
                  {
                    "lessThan": "10.4.0.1",
                    "status": "affected",
                    "version": "arubaos_10.4.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.11.1.0",
                    "status": "affected",
                    "version": "instantos_8.11.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.10.0.6",
                    "status": "affected",
                    "version": "instantos_8.10xx",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.6.0.20",
                    "status": "affected",
                    "version": "instantos_8.6.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.5.4.24",
                    "status": "affected",
                    "version": "instantos_6.5.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.4.4.8",
                    "status": "affected",
                    "version": "instantos_6.4.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.2.4.21",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T16:54:23.089613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:11:05.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x:   10.4.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.6.x.x:  8.6.0.20 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.5.x.x:  6.5.4.24 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.4.x.x:  6.4.4.8-4.2.4.21 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T18:28:20.312Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-35982",
        "datePublished": "2023-07-25T18:28:20.312Z",
        "dateReserved": "2023-06-20T18:43:02.967Z",
        "dateUpdated": "2024-11-07T18:11:05.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35981 (GCVE-0-2023-35981)

    Vulnerability from nvd – Published: 2023-07-25 18:28 – Updated: 2024-11-07 18:51
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: ArubaOS 10.4.x.x: 10.4.0.1 and below
    Affected: InstantOS 8.11.x.x: 8.11.1.0 and below
    Affected: InstantOS 8.10.x.x: 8.10.0.6 and below
    Affected: InstantOS 8.6.x.x: 8.6.0.20 and below
    Affected: InstantOS 6.5.x.x: 6.5.4.24 and below
    Affected: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
    Create a notification for this product.
    hpe arba_access_points_running_instantos_and_arubaos_10 Affected: 6.4.4.8 , < 4.2.4.21 (custom)
    Affected: 0 , < 6.5.4.24 (custom)
    Affected: 0 , < 8.6.0.20 (custom)
    Affected: 0 , < 8.10.0.6 (custom)
    Affected: 0 , < 8.11.1.0 (custom)
    Affected: 0 , < 10.4.0.1 (custom)
        cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arba_access_points_running_instantos_and_arubaos_10",
                "vendor": "hpe",
                "versions": [
                  {
                    "lessThan": "4.2.4.21",
                    "status": "affected",
                    "version": "6.4.4.8",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.5.4.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.6.0.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.10.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.11.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:38:50.384815Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:51:06.659Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x:   10.4.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.6.x.x:  8.6.0.20 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.5.x.x:  6.5.4.24 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.4.x.x:  6.4.4.8-4.2.4.21 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T18:28:14.271Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-35981",
        "datePublished": "2023-07-25T18:28:14.271Z",
        "dateReserved": "2023-06-20T18:43:02.967Z",
        "dateUpdated": "2024-11-07T18:51:06.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35980 (GCVE-0-2023-35980)

    Vulnerability from nvd – Published: 2023-07-25 18:28 – Updated: 2024-11-07 18:56
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: ArubaOS 10.4.x.x: 10.4.0.1 and below
    Affected: InstantOS 8.11.x.x: 8.11.1.0 and below
    Affected: InstantOS 8.10.x.x: 8.10.0.6 and below
    Affected: InstantOS 8.6.x.x: 8.6.0.20 and below
    Affected: InstantOS 6.5.x.x: 6.5.4.24 and below
    Affected: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
    Create a notification for this product.
    hpe arba_access_points_running_instantos_and_arubaos_10 Affected: 6.4.4.8 , < 4.2.4.21 (custom)
    Affected: 0 , < 6.5.4.24 (custom)
    Affected: 0 , < 8.6.0.20 (custom)
    Affected: 0 , < 8.10.0.6 (custom)
    Affected: 0 , < 8.11.1.0 (custom)
    Affected: 0 , < 10.4.0.1 (custom)
        cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arba_access_points_running_instantos_and_arubaos_10",
                "vendor": "hpe",
                "versions": [
                  {
                    "lessThan": "4.2.4.21",
                    "status": "affected",
                    "version": "6.4.4.8",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.5.4.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.6.0.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.10.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.11.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:52:12.730779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:56:09.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x:   10.4.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.6.x.x:  8.6.0.20 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.5.x.x:  6.5.4.24 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.4.x.x:  6.4.4.8-4.2.4.21 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T18:28:10.354Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-35980",
        "datePublished": "2023-07-25T18:28:10.354Z",
        "dateReserved": "2023-06-20T18:43:02.966Z",
        "dateUpdated": "2024-11-07T18:56:09.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22791 (GCVE-0-2023-22791)

    Vulnerability from nvd – Published: 2023-05-08 14:10 – Updated: 2025-01-31 18:01
    VLAI
    Title
    Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure
    Summary
    A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Zack Colgan of ClearBearing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:01:08.113216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:01:49.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Zack Colgan of ClearBearing"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u0026nbsp;where an edge-case combination of network configuration, a\u0026nbsp;specific WLAN environment and an attacker already possessing\u0026nbsp;valid user credentials on that WLAN can lead to sensitive\u0026nbsp;information being disclosed via the WLAN. The scenarios in\u0026nbsp;which this disclosure of potentially sensitive information\u0026nbsp;can occur are complex and depend on factors that are beyond\u0026nbsp;the control of the attacker."
                }
              ],
              "value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:10:03.684Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22791",
        "datePublished": "2023-05-08T14:10:03.684Z",
        "dateReserved": "2023-01-06T15:24:20.511Z",
        "dateUpdated": "2025-01-31T18:01:49.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22790 (GCVE-0-2023-22790)

    Vulnerability from nvd – Published: 2023-05-08 14:08 – Updated: 2025-01-31 18:03
    VLAI
    Title
    Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
    Summary
    Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:02:42.767154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:03:17.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
                }
              ],
              "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:08:43.190Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22790",
        "datePublished": "2023-05-08T14:08:43.190Z",
        "dateReserved": "2023-01-06T15:24:20.511Z",
        "dateUpdated": "2025-01-31T18:03:17.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22789 (GCVE-0-2023-22789)

    Vulnerability from nvd – Published: 2023-05-08 14:08 – Updated: 2025-01-31 18:04
    VLAI
    Title
    Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
    Summary
    Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22789",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:03:56.139002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:04:29.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
                }
              ],
              "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:08:39.438Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22789",
        "datePublished": "2023-05-08T14:08:39.438Z",
        "dateReserved": "2023-01-06T15:24:20.511Z",
        "dateUpdated": "2025-01-31T18:04:29.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22788 (GCVE-0-2023-22788)

    Vulnerability from nvd – Published: 2023-05-08 14:08 – Updated: 2025-01-28 20:09
    VLAI
    Title
    Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
    Summary
    Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T20:09:10.095402Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T20:09:44.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
                }
              ],
              "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:08:35.055Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22788",
        "datePublished": "2023-05-08T14:08:35.055Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-28T20:09:44.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22787 (GCVE-0-2023-22787)

    Vulnerability from nvd – Published: 2023-05-08 14:07 – Updated: 2025-01-31 18:05
    VLAI
    Title
    Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol
    Summary
    An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:05:05.306424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:05:29.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u0026nbsp;by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to interrupt the\u0026nbsp;normal operation of the affected access point."
                }
              ],
              "value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:07:18.315Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22787",
        "datePublished": "2023-05-08T14:07:00.289Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:05:29.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22786 (GCVE-0-2023-22786)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:07
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.419Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:06:19.563671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:07:01.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:58.355Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22786",
        "datePublished": "2023-05-08T14:03:58.355Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:07:01.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22785 (GCVE-0-2023-22785)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:08
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:07:49.933693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:08:15.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:55.974Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22785",
        "datePublished": "2023-05-08T14:03:55.974Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:08:15.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22784 (GCVE-0-2023-22784)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:09
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:08:55.636445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:09:21.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:51.253Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22784",
        "datePublished": "2023-05-08T14:03:51.253Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:09:21.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22783 (GCVE-0-2023-22783)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:10
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:10:27.077116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:10:52.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:47.963Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22783",
        "datePublished": "2023-05-08T14:03:47.963Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:10:52.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22782 (GCVE-0-2023-22782)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:11
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:11:21.804749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:11:51.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:45.533Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22782",
        "datePublished": "2023-05-08T14:03:45.533Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:11:51.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22781 (GCVE-0-2023-22781)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:12
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:12:27.213593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:12:49.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:42.187Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22781",
        "datePublished": "2023-05-08T14:03:42.187Z",
        "dateReserved": "2023-01-06T15:24:20.509Z",
        "dateUpdated": "2025-01-31T18:12:49.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22780 (GCVE-0-2023-22780)

    Vulnerability from nvd – Published: 2023-05-08 14:03 – Updated: 2025-01-29 15:32
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T15:31:37.810193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T15:32:34.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:38.356Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22780",
        "datePublished": "2023-05-08T14:03:38.356Z",
        "dateReserved": "2023-01-06T15:24:20.509Z",
        "dateUpdated": "2025-01-29T15:32:34.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22779 (GCVE-0-2023-22779)

    Vulnerability from nvd – Published: 2023-05-08 14:02 – Updated: 2025-01-29 15:33
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T15:33:13.190785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T15:33:25.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:02:48.736Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22779",
        "datePublished": "2023-05-08T14:02:48.736Z",
        "dateReserved": "2023-01-06T15:24:20.509Z",
        "dateUpdated": "2025-01-29T15:33:25.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35982 (GCVE-0-2023-35982)

    Vulnerability from cvelistv5 – Published: 2023-07-25 18:28 – Updated: 2024-11-07 18:11
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: ArubaOS 10.4.x.x: 10.4.0.1 and below
    Affected: InstantOS 8.11.x.x: 8.11.1.0 and below
    Affected: InstantOS 8.10.x.x: 8.10.0.6 and below
    Affected: InstantOS 8.6.x.x: 8.6.0.20 and below
    Affected: InstantOS 6.5.x.x: 6.5.4.24 and below
    Affected: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
    Create a notification for this product.
    hpe arba_access_points_running_instantos_and_arubaos_10 Affected: arubaos_10.4.x.x , < 10.4.0.1 (custom)
    Affected: instantos_8.11.x.x , < 8.11.1.0 (custom)
    Affected: instantos_8.10xx , < 8.10.0.6 (custom)
    Affected: instantos_8.6.x.x , < 8.6.0.20 (custom)
    Affected: instantos_6.5.x.x , < 6.5.4.24 (custom)
    Affected: instantos_6.4.x.x , < 6.4.4.8 (custom)
    Affected: 0 , < 4.2.4.21 (custom)
        cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:41.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arba_access_points_running_instantos_and_arubaos_10",
                "vendor": "hpe",
                "versions": [
                  {
                    "lessThan": "10.4.0.1",
                    "status": "affected",
                    "version": "arubaos_10.4.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.11.1.0",
                    "status": "affected",
                    "version": "instantos_8.11.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.10.0.6",
                    "status": "affected",
                    "version": "instantos_8.10xx",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.6.0.20",
                    "status": "affected",
                    "version": "instantos_8.6.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.5.4.24",
                    "status": "affected",
                    "version": "instantos_6.5.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.4.4.8",
                    "status": "affected",
                    "version": "instantos_6.4.x.x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.2.4.21",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T16:54:23.089613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:11:05.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x:   10.4.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.6.x.x:  8.6.0.20 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.5.x.x:  6.5.4.24 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.4.x.x:  6.4.4.8-4.2.4.21 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T18:28:20.312Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-35982",
        "datePublished": "2023-07-25T18:28:20.312Z",
        "dateReserved": "2023-06-20T18:43:02.967Z",
        "dateUpdated": "2024-11-07T18:11:05.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35981 (GCVE-0-2023-35981)

    Vulnerability from cvelistv5 – Published: 2023-07-25 18:28 – Updated: 2024-11-07 18:51
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: ArubaOS 10.4.x.x: 10.4.0.1 and below
    Affected: InstantOS 8.11.x.x: 8.11.1.0 and below
    Affected: InstantOS 8.10.x.x: 8.10.0.6 and below
    Affected: InstantOS 8.6.x.x: 8.6.0.20 and below
    Affected: InstantOS 6.5.x.x: 6.5.4.24 and below
    Affected: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
    Create a notification for this product.
    hpe arba_access_points_running_instantos_and_arubaos_10 Affected: 6.4.4.8 , < 4.2.4.21 (custom)
    Affected: 0 , < 6.5.4.24 (custom)
    Affected: 0 , < 8.6.0.20 (custom)
    Affected: 0 , < 8.10.0.6 (custom)
    Affected: 0 , < 8.11.1.0 (custom)
    Affected: 0 , < 10.4.0.1 (custom)
        cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arba_access_points_running_instantos_and_arubaos_10",
                "vendor": "hpe",
                "versions": [
                  {
                    "lessThan": "4.2.4.21",
                    "status": "affected",
                    "version": "6.4.4.8",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.5.4.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.6.0.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.10.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.11.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:38:50.384815Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:51:06.659Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x:   10.4.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.6.x.x:  8.6.0.20 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.5.x.x:  6.5.4.24 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.4.x.x:  6.4.4.8-4.2.4.21 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T18:28:14.271Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-35981",
        "datePublished": "2023-07-25T18:28:14.271Z",
        "dateReserved": "2023-06-20T18:43:02.967Z",
        "dateUpdated": "2024-11-07T18:51:06.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35980 (GCVE-0-2023-35980)

    Vulnerability from cvelistv5 – Published: 2023-07-25 18:28 – Updated: 2024-11-07 18:56
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: ArubaOS 10.4.x.x: 10.4.0.1 and below
    Affected: InstantOS 8.11.x.x: 8.11.1.0 and below
    Affected: InstantOS 8.10.x.x: 8.10.0.6 and below
    Affected: InstantOS 8.6.x.x: 8.6.0.20 and below
    Affected: InstantOS 6.5.x.x: 6.5.4.24 and below
    Affected: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
    Create a notification for this product.
    hpe arba_access_points_running_instantos_and_arubaos_10 Affected: 6.4.4.8 , < 4.2.4.21 (custom)
    Affected: 0 , < 6.5.4.24 (custom)
    Affected: 0 , < 8.6.0.20 (custom)
    Affected: 0 , < 8.10.0.6 (custom)
    Affected: 0 , < 8.11.1.0 (custom)
    Affected: 0 , < 10.4.0.1 (custom)
        cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "arba_access_points_running_instantos_and_arubaos_10",
                "vendor": "hpe",
                "versions": [
                  {
                    "lessThan": "4.2.4.21",
                    "status": "affected",
                    "version": "6.4.4.8",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.5.4.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.6.0.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.10.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.11.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:52:12.730779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:56:09.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x:   10.4.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 8.6.x.x:  8.6.0.20 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.5.x.x:  6.5.4.24 and below"
                },
                {
                  "status": "affected",
                  "version": "InstantOS 6.4.x.x:  6.4.4.8-4.2.4.21 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T18:28:10.354Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-35980",
        "datePublished": "2023-07-25T18:28:10.354Z",
        "dateReserved": "2023-06-20T18:43:02.966Z",
        "dateUpdated": "2024-11-07T18:56:09.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22791 (GCVE-0-2023-22791)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:10 – Updated: 2025-01-31 18:01
    VLAI
    Title
    Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure
    Summary
    A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Zack Colgan of ClearBearing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:01:08.113216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:01:49.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Zack Colgan of ClearBearing"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u0026nbsp;where an edge-case combination of network configuration, a\u0026nbsp;specific WLAN environment and an attacker already possessing\u0026nbsp;valid user credentials on that WLAN can lead to sensitive\u0026nbsp;information being disclosed via the WLAN. The scenarios in\u0026nbsp;which this disclosure of potentially sensitive information\u0026nbsp;can occur are complex and depend on factors that are beyond\u0026nbsp;the control of the attacker."
                }
              ],
              "value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:10:03.684Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22791",
        "datePublished": "2023-05-08T14:10:03.684Z",
        "dateReserved": "2023-01-06T15:24:20.511Z",
        "dateUpdated": "2025-01-31T18:01:49.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22790 (GCVE-0-2023-22790)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:08 – Updated: 2025-01-31 18:03
    VLAI
    Title
    Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
    Summary
    Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:02:42.767154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:03:17.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
                }
              ],
              "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:08:43.190Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22790",
        "datePublished": "2023-05-08T14:08:43.190Z",
        "dateReserved": "2023-01-06T15:24:20.511Z",
        "dateUpdated": "2025-01-31T18:03:17.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22789 (GCVE-0-2023-22789)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:08 – Updated: 2025-01-31 18:04
    VLAI
    Title
    Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
    Summary
    Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22789",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:03:56.139002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:04:29.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
                }
              ],
              "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:08:39.438Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22789",
        "datePublished": "2023-05-08T14:08:39.438Z",
        "dateReserved": "2023-01-06T15:24:20.511Z",
        "dateUpdated": "2025-01-31T18:04:29.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22788 (GCVE-0-2023-22788)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:08 – Updated: 2025-01-28 20:09
    VLAI
    Title
    Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
    Summary
    Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T20:09:10.095402Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T20:09:44.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
                }
              ],
              "value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:08:35.055Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22788",
        "datePublished": "2023-05-08T14:08:35.055Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-28T20:09:44.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22787 (GCVE-0-2023-22787)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:07 – Updated: 2025-01-31 18:05
    VLAI
    Title
    Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol
    Summary
    An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
    Affected: Aruba InstantOS 6.5.x: 6.5.4.23 and below
    Affected: Aruba InstantOS 8.6.x: 8.6.0.19 and below
    Affected: Aruba InstantOS 8.10.x: 8.10.0.4 and below
    Affected: ArubaOS 10.3.x: 10.3.1.0 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Daniel Jensen (@dozernz)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:05:05.306424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:05:29.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
                },
                {
                  "status": "affected",
                  "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Jensen (@dozernz)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u0026nbsp;by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to interrupt the\u0026nbsp;normal operation of the affected access point."
                }
              ],
              "value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:07:18.315Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22787",
        "datePublished": "2023-05-08T14:07:00.289Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:05:29.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22786 (GCVE-0-2023-22786)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:07
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.419Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:06:19.563671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:07:01.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:58.355Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22786",
        "datePublished": "2023-05-08T14:03:58.355Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:07:01.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22785 (GCVE-0-2023-22785)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:08
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:07:49.933693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:08:15.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:55.974Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22785",
        "datePublished": "2023-05-08T14:03:55.974Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:08:15.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22784 (GCVE-0-2023-22784)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:09
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:08:55.636445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:09:21.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:51.253Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22784",
        "datePublished": "2023-05-08T14:03:51.253Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:09:21.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22783 (GCVE-0-2023-22783)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:10
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:10:27.077116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:10:52.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:47.963Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22783",
        "datePublished": "2023-05-08T14:03:47.963Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:10:52.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22782 (GCVE-0-2023-22782)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:11
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:11:21.804749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:11:51.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:45.533Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22782",
        "datePublished": "2023-05-08T14:03:45.533Z",
        "dateReserved": "2023-01-06T15:24:20.510Z",
        "dateUpdated": "2025-01-31T18:11:51.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22781 (GCVE-0-2023-22781)

    Vulnerability from cvelistv5 – Published: 2023-05-08 14:03 – Updated: 2025-01-31 18:12
    VLAI
    Title
    Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
    Summary
    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) Aruba Access Points running InstantOS and ArubaOS 10 Affected: InstantOS 8.10.x.x: 8.10.0.2 and below
    Affected: ArubaOS 10.3.x.x: 10.3.1.4 and below
    Affected: See reference document for further details
    Create a notification for this product.
    Date Public
    2023-05-09 20:00
    Credits
    Erik de Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:30.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T18:12:27.213593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T18:12:49.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Aruba Access Points running InstantOS and ArubaOS 10",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "InstantOS 8.10.x.x:   8.10.0.2 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.3.x.x:  10.3.1.4 and below"
                },
                {
                  "status": "affected",
                  "version": "See reference document for further details"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik de Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "datePublic": "2023-05-09T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
                }
              ],
              "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T14:03:42.187Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-22781",
        "datePublished": "2023-05-08T14:03:42.187Z",
        "dateReserved": "2023-01-06T15:24:20.509Z",
        "dateUpdated": "2025-01-31T18:12:49.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }