CVE-2023-22767

7.2 HIGH

📋 TL;DR

CVE-2023-22767 allows authenticated attackers to execute arbitrary commands with privileged access on ArubaOS devices through command injection in the CLI. This affects network administrators and organizations using vulnerable Aruba networking equipment. Attackers can gain full control of affected devices.

💻 Affected Systems

Products:
  • ArubaOS
Versions: Multiple versions prior to patched releases
Operating Systems: ArubaOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated CLI access. All ArubaOS deployments with vulnerable versions are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of network infrastructure, lateral movement to other systems, data exfiltration, and persistent backdoor installation.

🟠 Likely Case: Network disruption, configuration changes, credential theft, and monitoring of network traffic.

🟢 If Mitigated: Limited to authenticated users only, with proper network segmentation reducing lateral movement potential.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access but command injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Aruba advisory for specific fixed versions

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt

Restart Required: Yes

Instructions:

1. Review Aruba advisory ARUBA-PSA-2023-002.
2. Identify affected devices.
3. Download and apply appropriate firmware updates.
4. Reboot devices after patching.

🔧 Temporary Workarounds

Restrict CLI Access

Limit CLI access to trusted administrators only using access control lists

configure terminal
access-list standard CLI-ACCESS
permit host [TRUSTED_IP]
deny any
line vty 0 15
access-class CLI-ACCESS in

Implement Command Authorization

Use TACACS+ or RADIUS with command authorization to restrict available commands

aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Aruba devices
  • Enforce multi-factor authentication for all administrative access

🔍 How to Verify

Check if Vulnerable:

Check ArubaOS version against advisory ARUBA-PSA-2023-002

Check Version:

show version

Verify Fix Applied:

Verify firmware version is updated to patched release and test CLI functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI command patterns
  • Multiple failed authentication attempts followed by successful login
  • Execution of system commands via CLI

Network Indicators:

  • Unexpected outbound connections from Aruba devices
  • Anomalous traffic patterns from management interfaces

SIEM Query:

source="aruba_logs" AND (event_type="cli_command" AND command=~"system|exec|shell|.*[;&|].*")
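
The log indicators and SIEM query above can be prototyped offline before they are deployed. The following is an added example, not code from Aruba or from this page's author: it applies the query's command pattern and the "failed attempts followed by successful login" indicator to constructed log lines. The key=value log format, the field names other than event_type and command, and the threshold of 3 failures are assumptions.

```python
import re
import shlex
from collections import defaultdict

# Same pattern as the SIEM query above; unanchored, so ".*[;&|].*" reduces to "[;&|]".
SUSPICIOUS = re.compile(r"system|exec|shell|[;&|]")
FAIL_THRESHOLD = 3  # assumption: failures before a success that are worth an alert

# Constructed sample in a hypothetical key=value format (not real ArubaOS output).
SAMPLE_LOGS = """\
ts=2023-03-01T10:00:01 event_type=auth user=admin src=10.0.0.5 result=failure
ts=2023-03-01T10:00:03 event_type=auth user=admin src=10.0.0.5 result=failure
ts=2023-03-01T10:00:05 event_type=auth user=admin src=10.0.0.5 result=failure
ts=2023-03-01T10:00:09 event_type=auth user=admin src=10.0.0.5 result=success
ts=2023-03-01T10:01:00 event_type=cli_command user=admin src=10.0.0.5 command="show version"
ts=2023-03-01T10:01:30 event_type=cli_command user=admin src=10.0.0.5 command="show version; id"
ts=2023-03-01T10:02:00 event_type=auth user=ops src=10.0.0.9 result=success
ts=2023-03-01T10:02:10 event_type=cli_command user=ops src=10.0.0.9 command="show ap database"
"""

def parse_line(line):
    """Split one key=value record into a dict; quoted values keep their spaces."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def detect(log_text):
    """Return a list of (rule, timestamp, user, detail) alerts in log order."""
    alerts, failures = [], defaultdict(int)  # consecutive failures per (user, src)
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse_line(line)
        key = (ev.get("user"), ev.get("src"))
        if ev.get("event_type") == "auth":
            if ev.get("result") == "failure":
                failures[key] += 1
                continue
            if failures[key] >= FAIL_THRESHOLD:
                alerts.append(("fail_then_success", ev.get("ts"), ev.get("user"), f"{failures[key]} failures"))
            failures[key] = 0  # a successful login resets the streak
        elif ev.get("event_type") == "cli_command":
            cmd = ev.get("command", "")
            if SUSPICIOUS.search(cmd):
                alerts.append(("suspicious_cli", ev.get("ts"), ev.get("user"), cmd))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Because the keyword half of the pattern is unanchored, legitimate commands that contain "system", "exec" or "shell" will also match, so an allowlist of known administrative commands is needed before alerting on it.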
