CVE-2023-30510

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::

History

21 Nov 2024, 08:00

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 4.1
References	~~() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt -~~	() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt -

Information

Published : 2023-05-16 19:15

Updated : 2024-11-21 08:00

NVD link : CVE-2023-30510

Mitre link : CVE-2023-30510

CVE.ORG link : CVE-2023-30510

JSON object : View

Products Affected

arubanetworks

edgeconnect_enterprise

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-30510", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-05-16T19:15:10.140", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt", "source": "security-alert@hpe.com"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the Aruba EdgeConnect Enterprise\u00a0web management interface that allows remote authenticated\u00a0users to issue arbitrary URL requests from the Aruba\u00a0EdgeConnect Enterprise instance. The impact of this\u00a0vulnerability is limited to a subset of URLs which can\u00a0result in the possible disclosure of data due to the network\u00a0position of the Aruba EdgeConnect Enterprise instance."}], "lastModified": "2024-11-21T08:00:19.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743", "versionEndIncluding": "9.0.8.0"}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B", "versionEndIncluding": "9.1.5.0", "versionStartIncluding": "9.1.0.0"}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154", "versionEndIncluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}

4.1 /10