Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
AnalysisAI
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. Affected products include: Arubanetworks Aos-Cx.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only p
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. Rated high severity (CVSS 8.8), this vulnerab
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. Rated high severity (CVSS 8.8), this vulnerab
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection.
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection.
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Rated high
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Rated medium severity (CV
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Rated medium severity (CV
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Rated medium severity (CV
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Rated medium severity (CV
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today