CVE-2023-35981

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type Values Removed Values Added
References () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt - Vendor Advisory () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt - Vendor Advisory

02 Aug 2023, 16:23

Type Values Removed Values Added
References (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt - (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
CWE CWE-120
First Time Hp
Arubanetworks arubaos
Arubanetworks
Hp instantos

25 Jul 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-25 19:15

Updated : 2024-11-21 08:09


NVD link : CVE-2023-35981

Mitre link : CVE-2023-35981

CVE.ORG link : CVE-2023-35981


JSON object : View

Products Affected

hp

  • instantos

arubanetworks

  • arubaos
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')