Описание
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до a.15.16.0026 (исключая)Версия от 16.01.0000 (включая) до 16.04.0027 (исключая)Версия от 16.05.0000 (включая) до 16.08.0027 (исключая)Версия от 16.10.0001 (включая) до 16.10.0024 (исключая)Версия от 16.11.0001 (включая) до 16.11.0013 (исключая)
Одновременно
Одно из
cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00182
Низкий
4.5 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 4.5
github
больше 2 лет назад
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
EPSS
Процентиль: 40%
0.00182
Низкий
4.5 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-787