Certain switch models from Aruba are vulnerable. The developers have closed a security hole.
Network admins should update their Aruba switches to the latest version for security reasons. If this is not done, attackers can compromise the operating system.
According to a warning message, the following models with the AOS-CX system are affected. However, this is only the case when the enhanced security mode is active. This should be activated, otherwise shell access to the entire system is possible, which offers an attack surface.
- CX 10000 Switch Series
- CX 9300 Switch Series
- CX 8400 Switch Series
- CX 8360 Switch Series
- CX 8325 Switch Series
- CX 8320 Switch Series
- CX 6400 Switch Series
- CX 6300 Switch Series
- CX 6200 Switch Series
- CX 6100 Switch Series
- CX 6000 Switch Series
- CX 4100i Switch Series
Remote Code Execution
The vulnerability (CVE-2023-3718) is found in the AOX-CX command line interface and has been assigned a threat level of "high". If attacks are successful, attackers should be able to remotely execute malicious code as a privileged user.
Aruba assures that they currently have no evidence of attacks.
No comments yet