CVE-2023-22773 – This CVE describes an authenticated path traver... (How to Fix)

Q: What is the severity of CVE-2023-22773?

CVE-2023-22773 has a CVSS score of 7.2 (HIGH). This CVE describes an authenticated path traversal vulnerability in ArubaOS command line interface that allows authenticated attackers to delete arbitrary files on the underlying operating system. It affects Aruba networking devices running vulnerable versions of ArubaOS. Attackers need valid credentials to exploit this vulnerability.

📋 TL;DR

This CVE describes an authenticated path traversal vulnerability in ArubaOS command line interface that allows authenticated attackers to delete arbitrary files on the underlying operating system. It affects Aruba networking devices running vulnerable versions of ArubaOS. Attackers need valid credentials to exploit this vulnerability.

💻 Affected Systems

Products:

ArubaOS

Versions: ArubaOS 10.3.x: 10.3.1.0 and below, ArubaOS 10.2.x: 10.2.2.0 and below, ArubaOS 8.x: 8.11.2.0 and below, 8.10.0.7 and below, 8.9.0.14 and below, 8.8.0.13 and below, 8.7.1.9 and below, 8.6.0.19 and below, 8.5.0.16 and below, 8.4.0.10 and below

Operating Systems: ArubaOS (proprietary network OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated CLI access. Affects both physical and virtual controllers running vulnerable ArubaOS versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, leading to device bricking, service disruption, or enabling further attacks by removing security controls.

🟠

Likely Case

Service disruption through deletion of configuration files, logs, or application files, potentially causing network outages or loss of critical data.

🟢

If Mitigated

Limited impact with proper access controls, monitoring, and file integrity checks in place to detect and prevent unauthorized file deletions.

🌐 Internet-Facing: MEDIUM - Requires authentication, but internet-facing management interfaces could be targeted by credential stuffing or compromised credentials.

🏢 Internal Only: HIGH - Internal attackers with valid credentials or compromised accounts can exploit this to disrupt network operations or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated CLI access. The vulnerability is in the path validation logic of certain CLI commands.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ArubaOS 10.3.1.1, 10.2.2.1, 8.11.2.1, 8.10.0.8, 8.9.0.15, 8.8.0.14, 8.7.1.10, 8.6.0.20, 8.5.0.17, 8.4.0.11

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt

Restart Required: Yes

Instructions:

1. Download appropriate patched version from Aruba support portal. 2. Backup current configuration. 3. Upload and install new firmware. 4. Reboot device. 5. Verify version and functionality.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to trusted administrators only using role-based access controls and network segmentation.

configure terminal
aaa authentication login default local
aaa authorization exec default local
aaa authorization commands 15 default local
username admin privilege 15 secret yourpassword

Enable Command Authorization

all

Implement command authorization to restrict which commands users can execute.

configure terminal
aaa authorization config-commands
aaa authorization commands 1 default local
aaa authorization commands 15 default local

🧯 If You Can't Patch

Implement strict access controls and monitor for suspicious file deletion activities
Deploy file integrity monitoring and regular backups of critical configuration files

🔍 How to Verify

Check if Vulnerable:

Check ArubaOS version via CLI: 'show version' and compare against affected versions list.

Check Version:

show version

Verify Fix Applied:

Verify installed version is patched: 'show version' should show patched version. Test CLI commands that previously allowed path traversal.

📡 Detection & Monitoring

Log Indicators:

Unusual file deletion events in system logs
Multiple failed authentication attempts followed by successful CLI access
CLI commands with unusual file paths or '../' sequences

Network Indicators:

Unusual CLI access patterns from unexpected IP addresses
Increased management interface traffic

SIEM Query:

source="aruba_logs" AND (event_type="file_deletion" OR command="*../*")

📊 Metadata

CVE ID: CVE-2023-22773

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: March 1, 2023

Last Updated: March 7, 2025

🔗 References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22773, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Sd Wan by Arubanetworks

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict CLI Access

Enable Command Authorization

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities