CVE-2023-35979: Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface

5.3 CVSS

Description

There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.

Classification

CVE ID: CVE-2023-35979

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: Hewlett Packard Enterprise (HPE)

Product: Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.16% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt

Timeline

2024-12-05 00:32:09 UTC
CVE

Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface