Arubaos
CVE-2023-38486
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
AnalysisAI
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned. Rated medium severity (CVSS 6.4). No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. Affected products include: Arubanetworks Arubaos.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthe
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated R
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated R
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthent
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that coul
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenti
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenti
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code e
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code e
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today