CVE-2023-35974: Authenticated Remote Command Execution in the ArubaOS Command Line Interface

7.2 CVSS

Description

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Classification

CVE ID: CVE-2023-35974

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

Affected Products

Vendor: Hewlett Packard Enterprise (HPE)

Product: Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.85% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt

Timeline

2024-12-05 00:32:09 UTC
CVE

Authenticated Remote Command Execution in the ArubaOS Command Line Interface