CVE-2023-1168 HIGH

CVE-2023-1168: Authenticated Remote Code Execution in Aruba CX Switches

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba CX 10000 Switch Series, Aruba CX 9300 Switch Series, Aruba CX 8400 Switch Series, Aruba CX 8360 Switch Series, Aruba CX 8325 Switch Series, Aruba CX 8320 Switch Series, Aruba CX 6400 Switch Series, Aruba CX 6300 Switch Series, Aruba CX 6200F Switch

Published March 21, 2023

Last update February 26, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.

Key dates

02Disclosure timeline

March 21, 2023 CVE published

February 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-1168

Identifiers

CVE CVE-2023-1168

CVSS 7.2 / HIGH

Affected versions

Vendor Hewlett Packard Enterprise (Hpe)

Affected AOS-CX 10.10.xxxx: 10.10.1020 and below.

Vendor Hewlett Packard Enterprise (Hpe)

Affected AOS-CX 10.09.xxxx: 10.09.1020 and below.

Vendor Hewlett Packard Enterprise (Hpe)

Affected AOS-CX 10.08.xxxx: 10.08.1070 and below.

Vendor Hewlett Packard Enterprise (Hpe)

Affected AOS-CX 10.06.xxxx: 10.06.0230 and below.