Aruba AOS-S: CVE-2022-23676: Heap Overflow Vulnerabilities in RADIUS EAP Messages
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | May 3, 2022 | Mar 6, 2025 | Jul 2, 2025 |
Description
Multiple heap overflow vulnerabilities have been discovered in the AOS-S firmware. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. Exploitation requires an attacker-controlled RADIUS server capable of sending access challenge messages to an affected switch. Because of this, exploitation would most likely occur as part of an attack chain that builds on previous exploitation of customer-controlled infrastructure. Only AOS-S devices that are configured to use RADIUS are affected by these vulnerabilities.
Solution
aruba-aos-s-cve-2022-23676