{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-35976","assignerOrgId":"eb103674-0d28-4225-80f8-39fb86215de0","state":"PUBLISHED","assignerShortName":"hpe","dateReserved":"2023-06-20T18:41:22.737Z","datePublished":"2023-07-05T14:47:43.236Z","dateUpdated":"2024-12-04T15:39:11.162Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central","vendor":"Hewlett Packard Enterprise (HPE)","versions":[{"status":"affected","version":"- ArubaOS 10.4.x.x:       10.4.0.1 and below"},{"status":"affected","version":"- ArubaOS 8.11.x.x:       8.11.1.0 and below"},{"status":"affected","version":"- ArubaOS 8.10.x.x:       8.10.0.6 and below"},{"status":"affected","version":"- ArubaOS 8.6.x.x:         8.6.0.20 and below"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Erik de Jong (bugcrowd.com/erikdejong)"}],"datePublic":"2023-07-11T19:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level."}],"value":"Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"eb103674-0d28-4225-80f8-39fb86215de0","shortName":"hpe","dateUpdated":"2023-07-05T14:47:43.236Z"},"references":[{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"}],"source":{"discovery":"UNKNOWN"},"title":"Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:37:40.669Z"},"title":"CVE Program Container","references":[{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-04T15:38:41.712067Z","id":"CVE-2023-35976","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-04T15:39:11.162Z"}}]}}