Aruba AOS-CX: CVE-2022-25314: Multiple Vulnerabilities in Expat XML processing library
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 2022-05-17 | 2025-02-24 | 2025-04-03 |
Description
Vulnerabilities have been identified in a commonly used
component in multiple Aruba products. These vulnerabilities
allow attackers to use specially crafted XML input to
potentially cause denial of service conditions or remote code
execution.
Details can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2022-25235
https://nvd.nist.gov/vuln/detail/CVE-2022-25236
https://nvd.nist.gov/vuln/detail/CVE-2022-25313
https://nvd.nist.gov/vuln/detail/CVE-2022-25314
https://nvd.nist.gov/vuln/detail/CVE-2022-25315
Internal references: ATLCP-191, ATLAX-60, ATLWL-293,
ATLWL-183, ATLWL-292, ATLWL-192,
ATLSP-1
CVSS Vectors and Scores provided by NVD as follows:
CVE-2022-25235 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - 9.8 critical
CVE-2022-25236 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - 9.8 critical
CVE-2022-25313 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H - 6.5 medium
CVE-2022-25314 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - 7.5 high
CVE-2022-25315 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - 9.8 critical
Aruba Threat Labs analyzed and tested these vulnerabilities
in the products using the affected component. What has been
found is that exploitation of this vulnerability is not
straightforward and is dependent upon many factors that an
attacker may not be able to control.
Aruba has chosen to keep the NVD-provided severity scores as a
reference. The impact on products using the affected component
is very low based on ongoing testing.
Solution
aruba-aos-cx-cve-2022-25314
