CVE-2023-38486
Last modified
CVE-2023-38486 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
Metrics
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Arubaos | >= 8.6.0.0, < 8.6.0.22 |
| Arubanetworks | Arubaos | >= 8.10.0.0, < 8.10.0.7 |
| Arubanetworks | Arubaos | >= 8.11.0.0, < 8.11.1.1 |
| Arubanetworks | Arubaos | >= 10.4.0.0, < 10.4.0.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-38486?
How severe is CVE-2023-38486?
How do I fix CVE-2023-38486?
Are you affected by CVE-2023-38486?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST