CVE-2023-22754 HIGH

CVE-2023-22754: Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Published February 28, 2023

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Key dates

02Disclosure timeline

February 28, 2023 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22754

Identifiers

CVE CVE-2023-22754

CVSS 8.1 / HIGH

Affected versions

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Affected ArubaOS 8.10.x.x: 8.10.0.4 and below

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Affected ArubaOS 10.3.x.x: 10.3.1.0 and below

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Affected SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below