CVE-2023-39268

Description

A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below. – ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below. – ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below. – ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.09.xxxx: All versions. – ArubaOS-Switch 16.09.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below. – ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.07.xxxx: All versions. – ArubaOS-Switch 16.07.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.06.xxxx: All versions. – ArubaOS-Switch 16.06.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.05.xxxx: All versions. – ArubaOS-Switch 16.05.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below. – ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.03.xxxx: All versions. – ArubaOS-Switch 16.03.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.02.xxxx: All versions. – ArubaOS-Switch 16.02.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 16.01.xxxx: All versions. – ArubaOS-Switch 16.01.xxxx: All versions.
Hewlett Packard Enterprise / ArubaOS-SwitchArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. – ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below.

References

MISChttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt