CVE-2023-30501
CVE-2023-30501 is a high-severity vulnerability in Arubanetworks Edgeconnect Enterprise with a CVSS 3.x base score of 7.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.2)
- EPSS exploit prediction: 1% (60th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Arubanetworks Edgeconnect Enterprise
- Published:
- Last modified:
Description
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Frequently asked questions
- What is CVE-2023-30501?
- Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
- How severe is CVE-2023-30501?
- CVE-2023-30501 has a CVSS 3.x base score of 7.2, rated high severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-30501 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (60th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-30501?
- CVE-2023-30501 affects Arubanetworks Edgeconnect Enterprise. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-30501?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2023-30501 published?
- CVE-2023-30501 was published on 2023-05-16 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
More vulnerabilities in Arubanetworks Edgeconnect Enterprise
- CVE-2022-37919 — High (CVSS 7.5): A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this…
- CVE-2023-30506 — High (CVSS 7.2): Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated…
- CVE-2023-30505 — High (CVSS 7.2): Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated…
- CVE-2023-30504 — High (CVSS 7.2): Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated…
- CVE-2023-30503 — High (CVSS 7.2): Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated…
- CVE-2023-30502 — High (CVSS 7.2): Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated…