Login Sign Up

CVE-2023-3718

8.8 HIGH
Remote Code Execution

📋 TL;DR

CVE-2023-3718 is an authenticated command injection vulnerability in Aruba AOS-CX switches that allows attackers with CLI access to execute arbitrary commands as privileged users. This enables complete compromise of the underlying operating system on affected network devices. Organizations using vulnerable Aruba AOS-CX switches are affected.

💻 Affected Systems

Products:
  • Aruba AOS-CX switches
Versions: AOS-CX 10.10.x and earlier versions
Operating Systems: AOS-CX
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated CLI access; affects all configurations with default CLI enabled.

📦 What is this software?

Arubaos Cx by Hpe

View all CVEs affecting Arubaos Cx →

Arubaos Cx by Hpe

View all CVEs affecting Arubaos Cx →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of network infrastructure, lateral movement to other systems, data exfiltration, persistent backdoors, and network disruption.

🟠

Likely Case

Unauthorized configuration changes, network monitoring, credential harvesting, and potential foothold for further attacks.

🟢

If Mitigated

Limited impact due to network segmentation, strong authentication controls, and restricted CLI access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated CLI access; command injection is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AOS-CX 10.11.0000 and later

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt

Restart Required: Yes

Instructions:

1. Download AOS-CX 10.11.0000 or later from Aruba support portal. 2. Backup current configuration. 3. Upload new firmware to switch. 4. Reboot switch to apply update. 5. Verify version with 'show version' command.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to trusted administrative accounts only using AAA controls.

aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret yourpassword

Network Segmentation

all

Isolate management interfaces from general network access.

interface mgmt
ip access-group MGMT-ACL in

🧯 If You Can't Patch

  • Implement strict network segmentation for management interfaces
  • Enforce multi-factor authentication and least privilege for CLI access

🔍 How to Verify

Check if Vulnerable:

Check AOS-CX version with 'show version' command; versions 10.10.x and earlier are vulnerable.

Check Version:

show version

Verify Fix Applied:

Verify version is 10.11.0000 or later with 'show version' command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI command patterns
  • Multiple failed authentication attempts followed by successful login
  • Unexpected configuration changes

Network Indicators:

  • Unusual outbound connections from switch management interface
  • Unexpected SSH/Telnet sessions to switch

SIEM Query:

source="aruba-switch" AND (event_type="cli_command" AND command="*;*" OR command="*|*" OR command="*`*")

📊 Metadata

CVE ID: CVE-2023-3718
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77
Published: August 1, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-3718, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)