CVE-2023-35973

7.2 HIGH

📋 TL;DR

Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying OS. This affects Aruba networking devices running vulnerable versions of ArubaOS, potentially leading to full system compromise.

💻 Affected Systems

Products:
  • ArubaOS
Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges.
Operating Systems: ArubaOS-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the command line interface; default configurations may be vulnerable if CLI access is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise, allowing attackers to steal sensitive data, disrupt network operations, or pivot to other systems.

🟠 Likely Case

Unauthorized command execution leading to configuration changes, data exfiltration, or installation of backdoors.

🟢 If Mitigated

Limited impact if strong access controls and network segmentation are in place, reducing exposure.

🌐 Internet-Facing: MEDIUM, as exploitation requires authentication, but internet-facing management interfaces increase attack surface.
🏢 Internal Only: HIGH, as internal attackers or compromised accounts can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the CLI, making it straightforward for attackers with valid credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions.

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt

Restart Required: Yes

Instructions:

1. Review the vendor advisory for affected versions.
2. Download and apply the latest ArubaOS patch from Aruba support.
3. Restart the device to apply changes.
4. Verify the patch is installed successfully.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit access to the CLI to trusted users and networks only.

Configure access control lists (ACLs) to restrict management interface access.

Disable Unnecessary CLI Features

all

Disable or restrict CLI commands that are not required for operations.

Use ArubaOS configuration commands to disable unused CLI modules.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate management interfaces from untrusted networks.
  • Enforce strong authentication and monitor for suspicious CLI activity.

🔍 How to Verify

Check if Vulnerable:

Check the ArubaOS version against the vendor advisory to see if it falls within the affected range.

Check Version:

show version

Verify Fix Applied:

Verify the ArubaOS version has been updated to a patched version listed in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI command executions, failed authentication attempts, or privilege escalation logs.

Network Indicators:

  • Suspicious traffic to management interfaces, unexpected outbound connections from the device.

SIEM Query:

Example: search for 'ArubaOS CLI' events with command injection patterns or anomalous user activity.
