Unrated severityNVD Advisory· Published Feb 28, 2023· Updated Mar 7, 2025

Multiple Unauthenticated Command Injections in the PAPI Protocol

CVE-2023-22749

Description

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Affected products

HPE/Aruba Access Pointsllm-fuzzy
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Centralv5
Range: ArubaOS 8.6.x.x: 8.6.0.19 and below

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txtmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000