All the vulnerabilites related to arubanetworks - instant
var-202103-0157
Vulnerability from variot
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.14"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.6"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.18"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.11"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.10 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.13 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.17 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.0.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.5 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
}
],
"trust": 0.6
},
"cve": "CVE-2020-24635",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-24635",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-24635",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24635",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-24635",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1605",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-24635",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
},
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2020-24635"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24635",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1605",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-24635",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
},
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"id": "VAR-202103-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-13T21:04:59.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146183"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24635"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
},
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
},
{
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1605"
},
{
"date": "2021-03-29T20:15:00",
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24635"
},
{
"date": "2021-12-06T07:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-016444"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1605"
},
{
"date": "2022-05-12T20:15:00",
"db": "NVD",
"id": "CVE-2020-24635"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1605"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1339
Vulnerability from variot
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.11"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.6"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.14"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.18"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.10 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.13 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.17 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.0.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.5 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25146",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25146",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-25146",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25146",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25146",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25146",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
},
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25146"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-25146",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1590",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25146",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
},
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"id": "VAR-202103-1339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-05T06:54:37.054000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146368"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25146"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
},
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
},
{
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1590"
},
{
"date": "2021-03-30T01:15:00",
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25146"
},
{
"date": "2021-12-06T02:45:00",
"db": "JVNDB",
"id": "JVNDB-2021-005002"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1590"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2021-25146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1344
Vulnerability from variot
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1344",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.0"
},
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.1"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.7"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.6 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25156",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2021-25156",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25156",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25156",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1637",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25156",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
},
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25156"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25156",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1637",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25156",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
},
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"id": "VAR-202103-1344",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-05T07:06:21.684000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146379"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25156"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
},
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
},
{
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1637"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25156"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004918"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1637"
},
{
"date": "2022-04-22T18:22:00",
"db": "NVD",
"id": "CVE-2021-25156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1637"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004918"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-0158
Vulnerability from variot
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.14"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.6"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.18"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.11"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.10 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.13 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.17 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.0.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.5 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
}
],
"trust": 0.6
},
"cve": "CVE-2020-24636",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-24636",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-24636",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24636",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-24636",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1604",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-24636",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
},
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2020-24636"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24636",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1604",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-24636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
},
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"id": "VAR-202103-0158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-13T21:03:52.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146182"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24636"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
},
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
},
{
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1604"
},
{
"date": "2021-03-29T20:15:00",
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24636"
},
{
"date": "2021-12-06T07:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-016446"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1604"
},
{
"date": "2022-05-12T20:15:00",
"db": "NVD",
"id": "CVE-2020-24636"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1604"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-0054
Vulnerability from variot
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.7"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.13"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.3"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.17"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.17"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.16 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.6 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.2 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.12 for up to 8.3.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.17",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5319",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5319",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5319",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5319",
"trust": 1.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1638",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-5319",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
},
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2019-5319"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5319",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051407",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-5319",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
},
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"id": "VAR-202103-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T07:36:43.554000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146380"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5319"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051407"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
},
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
},
{
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"date": "2021-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1638"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5319"
},
{
"date": "2021-12-03T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2019-016235"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1638"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2019-5319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Buffer Overflow Vulnerability in Linux",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1638"
}
],
"trust": 1.2
}
}
var-202103-0053
Vulnerability from variot
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.4.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.16"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.7"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.12"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.4.0.6"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.18 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.15 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.4.0.5 for up to 8.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.11 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.6 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.2 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.16",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.12",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.4.0.6",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1622"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5317",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2019-5317",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5317",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5317",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1622",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5317",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1622"
},
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2019-5317"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5317",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051407",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1622",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-5317",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1622"
},
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"id": "VAR-202103-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-05T07:04:56.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146185"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1622"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5317"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051407"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1622"
},
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1622"
},
{
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1622"
},
{
"date": "2021-03-29T16:15:00",
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5317"
},
{
"date": "2021-12-06T07:04:00",
"db": "JVNDB",
"id": "JVNDB-2019-016236"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1622"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2019-5317"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016236"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1342
Vulnerability from variot
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.14"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.11"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.5"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.10 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.4 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.13 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.17 for up to 6.5.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25150",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25150",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25150",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25150",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1585",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25150",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
},
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25150"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-25150",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1585",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25150",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
},
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"id": "VAR-202103-1342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T07:20:21.551000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146363"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25150"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
},
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
},
{
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1585"
},
{
"date": "2021-03-30T01:15:00",
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25150"
},
{
"date": "2021-12-06T02:21:00",
"db": "JVNDB",
"id": "JVNDB-2021-004999"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1585"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2021-25150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004999"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1346
Vulnerability from variot
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1346",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.8"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.2"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.7 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.1 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-25158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-25158",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25158",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25158",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1635",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25158",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
},
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25158"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25158"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25158",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1635",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25158",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
},
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"id": "VAR-202103-1346",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T08:14:15.277000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146377"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.0
},
{
"problemtype": "Race condition (CWE-362) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25158"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
},
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
},
{
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1635"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25158"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004917"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1635"
},
{
"date": "2022-04-22T01:48:00",
"db": "NVD",
"id": "CVE-2021-25158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Race Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004917"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201910-1493
Vulnerability from variot
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. Aruba Instant Contains an injection vulnerability.Information may be obtained. ALEAlcatelOmniAccessWirelessAccessPoint is a wireless access point device from ALE France. A security vulnerability exists in ALEAlcatelOmniAccessWirelessAccessPoint. An attacker could exploit the vulnerability to view configuration commands by sending a specially crafted URL. Siemens SCALANCE W1750D is prone to following security vulnerabilities: 1. Multiple information disclosure vulnerabilities 2. Multiple remote command injection vulnerabilities Attackers can exploit these issues to obtain sensitive information, or execute arbitrary commands or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Versions prior to SCALANCE W1750D 8.4.0.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1493",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.4.0.1"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.11"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.4.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "4.0.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.6"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "4.2.4.12"
},
{
"model": "w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.4.0.1"
},
{
"model": "instant",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "8.4.x"
},
{
"model": "instant",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "8.4.0.1"
},
{
"model": "instant",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "8.3.0.6"
},
{
"model": "instant",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.4.11"
},
{
"model": "instant",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "8.3.x"
},
{
"model": "instant",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.4.4.8-4.2.4.12"
},
{
"model": "w1750d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "instant",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "4.x"
},
{
"model": "instant",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "alcatel omniaccess wireless access point",
"scope": null,
"trust": 0.6,
"vendor": "ale",
"version": null
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance w1750d",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "8.4.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"db": "BID",
"id": "108374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "NVD",
"id": "CVE-2018-16417"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.4.12",
"versionStartIncluding": "4.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.4.0.1",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.6",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.11",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.4.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16417"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
],
"trust": 0.6
},
"cve": "CVE-2018-16417",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-16417",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06344",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-16417",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16417",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-06344",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-052",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-16417",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. Aruba Instant Contains an injection vulnerability.Information may be obtained. ALEAlcatelOmniAccessWirelessAccessPoint is a wireless access point device from ALE France. A security vulnerability exists in ALEAlcatelOmniAccessWirelessAccessPoint. An attacker could exploit the vulnerability to view configuration commands by sending a specially crafted URL. Siemens SCALANCE W1750D is prone to following security vulnerabilities:\n1. Multiple information disclosure vulnerabilities\n2. Multiple remote command injection vulnerabilities\nAttackers can exploit these issues to obtain sensitive information, or execute arbitrary commands or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. \nVersions prior to SCALANCE W1750D 8.4.0.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"db": "BID",
"id": "108374"
},
{
"db": "VULMON",
"id": "CVE-2018-16417"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16417",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-07",
"trust": 2.8
},
{
"db": "BID",
"id": "108374",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-549547",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-06344",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-02",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1716.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-052",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-16417",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"db": "BID",
"id": "108374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
]
},
"id": "VAR-201910-1493",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
}
]
},
"last_update_date": "2023-12-18T12:28:15.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2019-001",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2019-001.txt"
},
{
"title": "SSA-549547",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f04f471bbc12c6e00cc683978d7f0589"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "NVD",
"id": "CVE-2018-16417"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/108374"
},
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-134-07"
},
{
"trust": 1.7,
"url": "https://www.anquanke.com/vul/id/1652568"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2019-001.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16417"
},
{
"trust": 1.2,
"url": "https://vigilance.fr/vulnerability/alcatel-lucent-enterprise-omniaccess-wlan-instant-multiple-vulnerabilities-28646"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-07"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16417"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80946"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"db": "BID",
"id": "108374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"db": "BID",
"id": "108374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"date": "2019-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108374"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"date": "2019-10-30T17:15:11.877000",
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06344"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16417"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108374"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016143"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-16417"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Instant Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-052"
}
],
"trust": 0.6
}
}
var-202103-1337
Vulnerability from variot
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.7"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.13"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.3"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.17"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.16 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.12 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.6 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.2 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25144",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25144",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25144",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25144",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25144",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1599",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25144",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
},
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25144"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25144",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1599",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25144",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
},
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"id": "VAR-202103-1337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T08:12:33.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146035"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25144"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
},
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
},
{
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"date": "2021-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1599"
},
{
"date": "2021-03-29T20:15:00",
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25144"
},
{
"date": "2021-04-06T05:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-001316"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1599"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2021-25144"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1599"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0 Buffer Overflow Vulnerability in Linux",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1333
Vulnerability from variot
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.8"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.2"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.7 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.1 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25160",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2021-25160",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25160",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25160",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1633",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
},
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25160"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25160",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1633",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25160",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
},
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"id": "VAR-202103-1333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T08:21:39.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Instant Access Point Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146375"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25160"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
},
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
},
{
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1633"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25160"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004921"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1633"
},
{
"date": "2022-04-22T01:47:00",
"db": "NVD",
"id": "CVE-2021-25160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1633"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004921"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1347
Vulnerability from variot
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.2"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.8"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.7 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.1 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25159",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25159",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2021-25159",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25159",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25159",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1642",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25159",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
},
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25159"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25159",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1642",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25159",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
},
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"id": "VAR-202103-1347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T08:02:44.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Instant Access Point Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146383"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25159"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
},
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
},
{
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1642"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25159"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004920"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1642"
},
{
"date": "2022-04-22T18:35:00",
"db": "NVD",
"id": "CVE-2021-25159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1642"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004920"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1335
Vulnerability from variot
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.2"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.8"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.7 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.1 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25162",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-25162",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-25162",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25162",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25162",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1630",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25162",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
},
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25162"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25162",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50136",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1630",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25162",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
},
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"id": "VAR-202103-1335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T07:46:36.400000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Instant Access Point Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146373"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
},
{
"title": "CVE-2021-25162",
"trust": 0.1,
"url": "https://github.com/twentybel0w/cve-2021-25162 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25162"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50136"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://github.com/twentybel0w/cve-2021-25162"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
},
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
},
{
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1630"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25162"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004923"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1630"
},
{
"date": "2022-04-22T18:40:00",
"db": "NVD",
"id": "CVE-2021-25162"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1630"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004923"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1345
Vulnerability from variot
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.1"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.7"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.6 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25157",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-25157",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25157",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25157",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1634",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25157",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
},
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25157"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25157",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1634",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25157",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
},
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"id": "VAR-202103-1345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T07:08:42.064000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146376"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25157"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
},
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
},
{
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1634"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25157"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004919"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1634"
},
{
"date": "2022-04-22T18:31:00",
"db": "NVD",
"id": "CVE-2021-25157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1334
Vulnerability from variot
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.2"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.8"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.7 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.1 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-25161",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25161",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-25161",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25161",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1631",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25161",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
},
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25161"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25161",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1631",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25161",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
},
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"id": "VAR-202103-1334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T07:54:37.771000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Instant Access Point Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146374"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25161"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
},
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
},
{
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1631"
},
{
"date": "2021-03-30T02:15:00",
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25161"
},
{
"date": "2021-12-02T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-004922"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1631"
},
{
"date": "2022-04-22T18:39:00",
"db": "NVD",
"id": "CVE-2021-25161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1631"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Cross-site Scripting Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004922"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1343
Vulnerability from variot
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance w1750d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.1.3"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.12"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.1"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.7"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.1.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.6 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.11 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25155",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25155",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2021-25155",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25155",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25155",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1619",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25155",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
},
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25155"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25155",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "163522",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "163524",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50133",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1619",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25155",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
},
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"id": "VAR-202103-1343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T07:28:09.168000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146372"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/163524/aruba-instant-8.7.1.0-arbitrary-file-modification.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25155"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50133"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
},
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
},
{
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1619"
},
{
"date": "2021-03-30T01:15:00",
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25155"
},
{
"date": "2021-12-06T01:58:00",
"db": "JVNDB",
"id": "JVNDB-2021-004998"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1619"
},
{
"date": "2022-04-22T18:20:00",
"db": "NVD",
"id": "CVE-2021-25155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1619"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1336
Vulnerability from variot
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.10"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.13"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.5"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.12 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.9 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.4 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.10",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-25143",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-25143",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25143",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25143",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1600",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25143",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
},
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25143"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25143"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25143",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1600",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25143",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
},
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"id": "VAR-202103-1336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-28T21:20:51.254000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146036"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25143"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
},
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
},
{
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"date": "2021-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1600"
},
{
"date": "2021-03-29T20:15:00",
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25143"
},
{
"date": "2021-04-06T05:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-001315"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1600"
},
{
"date": "2022-05-27T19:03:00",
"db": "NVD",
"id": "CVE-2021-25143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1600"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001315"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1340
Vulnerability from variot
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.14"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.11"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.5"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.10 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.4 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.13 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.17 for up to 6.5.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25148",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25148",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25148",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25148",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1588",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25148",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
},
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25148"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-25148",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1588",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25148",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
},
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"id": "VAR-202103-1340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-04T08:08:57.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146366"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25148"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
},
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
},
{
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1588"
},
{
"date": "2021-03-30T00:15:00",
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25148"
},
{
"date": "2021-12-06T03:21:00",
"db": "JVNDB",
"id": "JVNDB-2021-005004"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1588"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2021-25148"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1588"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202103-1338
Vulnerability from variot
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.11"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.19"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.6"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.1.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.15"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.7.0.0"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.18 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.10 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.14 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.7.0.0 for up to 8.7.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.5 for up to 8.6.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.18 for up to 6.5.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2021-25145",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25145",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25145",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25145",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1589",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25145",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
},
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25145"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-25145",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1589",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25145",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
},
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"id": "VAR-202103-1338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-05T07:02:59.051000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146367"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25145"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
},
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
},
{
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1589"
},
{
"date": "2021-03-30T00:15:00",
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25145"
},
{
"date": "2021-12-06T04:48:00",
"db": "JVNDB",
"id": "JVNDB-2021-005005"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1589"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2021-25145"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1589"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005005"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201712-0434
Vulnerability from variot
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT.". TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. wolfSSL Contains a cryptographic vulnerability.Information may be obtained. wolfSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. Versions prior to wolfSSL 3.12.2 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wolfssl",
"scope": "lt",
"trust": 1.8,
"vendor": "wolfssl",
"version": "3.12.2"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.3.0.1"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.6"
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.9,
"vendor": "wolfssl",
"version": "3.9.8"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "erlang",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "legion of the bouncy castle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "matrixssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "micro focus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wolfssl",
"version": null
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.6,
"vendor": "wolfssl",
"version": "3.10.0a"
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.6,
"vendor": "wolfssl",
"version": "3.6.6"
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.6,
"vendor": "wolfssl",
"version": "3.10.0"
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.6,
"vendor": "wolfssl",
"version": "3.10.4"
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.3,
"vendor": "wolfssl",
"version": "3.9.10"
},
{
"model": "wolfssl",
"scope": "eq",
"trust": 0.3,
"vendor": "wolfssl",
"version": "3.9.9"
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "wolfssl",
"scope": "ne",
"trust": 0.3,
"vendor": "wolfssl",
"version": "3.12.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "BID",
"id": "102174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.12.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanno Boeck, Juraj Somorovsky of Ruhr-Universit\u00e4t Bochum / Hackmanit GmbH, and Craig Young of Tripwire VERT.",
"sources": [
{
"db": "BID",
"id": "102174"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13099",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-13099",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-13099",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13099",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-574",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13099",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\". TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. wolfSSL Contains a cryptographic vulnerability.Information may be obtained. wolfSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. \nVersions prior to wolfSSL 3.12.2 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13099"
},
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "BID",
"id": "102174"
},
{
"db": "VULMON",
"id": "CVE-2017-13099"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#144389",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-13099",
"trust": 2.8
},
{
"db": "BID",
"id": "102174",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-464260",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-282-02",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU92438713",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-13099",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"db": "BID",
"id": "102174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"id": "VAR-201712-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-11T23:20:28.065000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix for handling of static RSA padding failures #1229",
"trust": 0.8,
"url": "https://github.com/wolfssl/wolfssl/pull/1229"
},
{
"title": "wolfSSL Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77142"
},
{
"title": "Debian CVElist Bug Report Logs: wolfssl: CVE-2017-13099",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=56199568e08a4a88b5a4f0a0fa827165"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"trust": 2.8,
"url": "https://github.com/wolfssl/wolfssl/pull/1229"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/102174"
},
{
"trust": 1.7,
"url": "https://robotattack.org/"
},
{
"trust": 1.7,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-002.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.8,
"url": "https://robotattack.org"
},
{
"trust": 0.8,
"url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf"
},
{
"trust": 0.8,
"url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf"
},
{
"trust": 0.8,
"url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1"
},
{
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
},
{
"trust": 0.8,
"url": "https://support.citrix.com/article/ctx230238"
},
{
"trust": 0.8,
"url": "https://support.f5.com/csp/article/k21905460"
},
{
"trust": 0.8,
"url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
},
{
"trust": 0.8,
"url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md"
},
{
"trust": 0.8,
"url": "https://support.microfocus.com/kb/doc.php?id=7022561"
},
{
"trust": 0.8,
"url": "https://community.rsa.com/docs/doc-85268"
},
{
"trust": 0.8,
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13099"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-282-02"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92438713/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13099"
},
{
"trust": 0.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-282-02"
},
{
"trust": 0.3,
"url": "https://www.wolfssl.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884235"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"db": "BID",
"id": "102174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"db": "BID",
"id": "102174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-12T00:00:00",
"db": "CERT/CC",
"id": "VU#144389"
},
{
"date": "2017-12-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102174"
},
{
"date": "2018-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"date": "2017-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"date": "2017-12-13T01:29:00",
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-09T00:00:00",
"db": "CERT/CC",
"id": "VU#144389"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13099"
},
{
"date": "2018-10-10T12:00:00",
"db": "BID",
"id": "102174"
},
{
"date": "2019-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011590"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-574"
},
{
"date": "2019-10-09T23:23:00",
"db": "NVD",
"id": "CVE-2017-13099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding",
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-574"
}
],
"trust": 0.6
}
}
var-202103-1341
Vulnerability from variot
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.7"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.5.0.0"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0.0"
},
{
"model": "instant",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.8-4.2.4.18"
},
{
"model": "instant",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.0"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.3.0.13"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.6.0.3"
},
{
"model": "instant",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.17"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.5.4.16 for up to 6.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "6.4.4.8-4.2.4.17 for up to 6.4.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.3.0.12 for up to 8.3.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.5.0.6 for up to 8.5.x"
},
{
"model": "aruba instant",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "8.6.0.2 for up to 8.6.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-25149",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-25149",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25149",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25149",
"trust": 1.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1587",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-25149",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
},
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-25149"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-723417",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-25149",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051408",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1587",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25149",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
},
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"id": "VAR-202103-1341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.13247864
},
"last_update_date": "2022-05-05T07:01:52.323000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-007",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"title": "Aruba Access Points Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146365"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b1ac2d6b2f8faa082fe9da88ef8fd61d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"trust": 1.7,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25149"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051408"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
},
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
},
{
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"date": "2021-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1587"
},
{
"date": "2021-03-30T00:15:00",
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25149"
},
{
"date": "2021-12-06T02:58:00",
"db": "JVNDB",
"id": "JVNDB-2021-005003"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1587"
},
{
"date": "2021-05-11T13:15:00",
"db": "NVD",
"id": "CVE-2021-25149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1587"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba\u00a0Instant\u00a0Access\u00a0Point\u00a0 Buffer Overflow Vulnerability in Linux",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
cve-2021-25162
Vulnerability from cvelistv5
Published
2021-03-30 01:43
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:24",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25162",
"datePublished": "2021-03-30T01:43:16",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25148
Vulnerability from cvelistv5
Published
2021-03-29 23:56
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.4 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:40",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25148",
"datePublished": "2021-03-29T23:56:15",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25146
Vulnerability from cvelistv5
Published
2021-03-30 00:09
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:45",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25146",
"datePublished": "2021-03-30T00:09:16",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25150
Vulnerability from cvelistv5
Published
2021-03-30 00:11
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.4 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:43",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25150",
"datePublished": "2021-03-30T00:11:24",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37895
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37895",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25149
Vulnerability from cvelistv5
Published
2021-03-29 23:58
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.16 and below Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:37",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25149",
"datePublished": "2021-03-29T23:58:04",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25144
Vulnerability from cvelistv5
Published
2021-03-29 19:06
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.16 and below Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:48",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25144",
"datePublished": "2021-03-29T19:06:41",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25158
Vulnerability from cvelistv5
Published
2021-03-30 01:32
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:22",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25158",
"datePublished": "2021-03-30T01:32:28",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5317
Vulnerability from cvelistv5
Published
2021-03-29 15:48
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below Version: Aruba Instant 6.5.x: 6.5.4.15 and below Version: Aruba Instant 8.3.x: 8.3.0.11 and below Version: Aruba Instant 8.4.x: 8.4.0.5 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.15 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.4.x: 8.4.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:43",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.15 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.11 and below"
},
{
"version_value": "Aruba Instant 8.4.x: 8.4.0.5 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5317",
"datePublished": "2021-03-29T15:48:03",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25155
Vulnerability from cvelistv5
Published
2021-03-30 00:13
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.6 and below Version: Aruba Instant 8.7.x: 8.7.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:28",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25155",
"datePublished": "2021-03-30T00:13:23",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37892
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37892",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37885
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37885",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37893
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37893",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25157
Vulnerability from cvelistv5
Published
2021-03-30 01:33
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.6 and below Version: Aruba Instant 8.7.x: 8.7.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:35",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25157",
"datePublished": "2021-03-30T01:33:38",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37889
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37889",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37891
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37891",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37886
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37886",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24635
Vulnerability from cvelistv5
Published
2021-03-29 19:05
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:40",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24635",
"datePublished": "2021-03-29T19:05:06",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24636
Vulnerability from cvelistv5
Published
2021-03-29 19:08
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:45",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24636",
"datePublished": "2021-03-29T19:08:15",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37894
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37894",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25161
Vulnerability from cvelistv5
Published
2021-03-30 01:44
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:38",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25161",
"datePublished": "2021-03-30T01:44:43",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37896
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37896",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25159
Vulnerability from cvelistv5
Published
2021-03-30 01:35
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:30",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25159",
"datePublished": "2021-03-30T01:35:38",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16417
Vulnerability from cvelistv5
Published
2019-10-30 16:26
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/108374 | vdb-entry, x_refsource_BID | |
| https://www.us-cert.gov/ics/advisories/ICSA-19-134-07 | x_refsource_MISC | |
| https://www.anquanke.com/vul/id/1652568 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.anquanke.com/vul/id/1652568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T16:28:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.anquanke.com/vul/id/1652568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
},
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"name": "https://www.anquanke.com/vul/id/1652568",
"refsource": "MISC",
"url": "https://www.anquanke.com/vul/id/1652568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16417",
"datePublished": "2019-10-30T16:26:32",
"dateReserved": "2018-09-03T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5319
Vulnerability from cvelistv5
Published
2021-03-30 01:45
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.16 and below Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:42",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5319",
"datePublished": "2021-03-30T01:45:47",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13099
Vulnerability from cvelistv5
Published
2017-12-13 01:00
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102174 | vdb-entry, x_refsource_BID | |
| https://robotattack.org/ | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf | x_refsource_CONFIRM | |
| http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/144389 | third-party-advisory, x_refsource_CERT-VN | |
| https://github.com/wolfSSL/wolfssl/pull/1229 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://robotattack.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"name": "VU#144389",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"all"
],
"product": "wolfSSL",
"vendor": "wolfSSL",
"versions": [
{
"status": "affected",
"version": "\u003c3.12.2"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\""
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "102174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://robotattack.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"name": "VU#144389",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
}
],
"title": "wolfSSL Bleichenbacher/ROBOT",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2017-12-12",
"ID": "CVE-2017-13099",
"STATE": "PUBLIC",
"TITLE": "wolfSSL Bleichenbacher/ROBOT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wolfSSL",
"version": {
"version_data": [
{
"platform": "all",
"version_value": "\u003c3.12.2"
}
]
}
}
]
},
"vendor_name": "wolfSSL"
}
]
}
},
"credit": [
""
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\""
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102174"
},
{
"name": "https://robotattack.org/",
"refsource": "MISC",
"url": "https://robotattack.org/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"name": "https://github.com/wolfSSL/wolfssl/pull/1229",
"refsource": "CONFIRM",
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13099",
"datePublished": "2017-12-13T01:00:00Z",
"dateReserved": "2017-08-22T00:00:00",
"dateUpdated": "2024-09-16T17:08:12.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25156
Vulnerability from cvelistv5
Published
2021-03-30 01:30
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.6 and below Version: Aruba Instant 8.7.x: 8.7.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary directory create",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:33",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary directory create"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25156",
"datePublished": "2021-03-30T01:30:54",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37888
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37888",
"datePublished": "2022-10-06T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37890
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37890",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37887
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37887",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25143
Vulnerability from cvelistv5
Published
2021-03-29 19:03
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.9 and below Version: Aruba Instant 8.6.x: 8.6.0.4 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.9 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote denial of service (dos)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:37",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.9 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service (dos)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25143",
"datePublished": "2021-03-29T19:03:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25160
Vulnerability from cvelistv5
Published
2021-03-30 01:42
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:26",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25160",
"datePublished": "2021-03-30T01:42:05",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25145
Vulnerability from cvelistv5
Published
2021-03-29 23:54
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthorized disclosure of information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:46",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized disclosure of information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25145",
"datePublished": "2021-03-29T23:54:02",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10 ,podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de una v\u00edctima en el contexto de la interfaz afectada de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37892",
"lastModified": "2024-11-21T07:15:19.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.497",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37886",
"lastModified": "2024-11-21T07:15:18.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 01:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C26250B-FA0B-4DEA-A3CD-701465A89A2E",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7D09D1-F5E2-4CD8-A50F-97CD6A800106",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25155",
"lastModified": "2024-11-21T05:54:27.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T01:15:12.863",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C7DF37-240A-4A9F-B21D-E60C51DC5765",
"versionEndExcluding": "8.5.0.10",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69D1D-F180-4E4D-A76B-7459684D410B",
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DOS) remota en algunos productos Aruba Instant Access Point (IAP) en las versiones: Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.9 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-25143",
"lastModified": "2024-11-21T05:54:26.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:13.157",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C26250B-FA0B-4DEA-A3CD-701465A89A2E",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "037510F1-36AA-48A6-86F1-D015D0D7F746",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de creaci\u00f3n de directorio arbitrario remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25156",
"lastModified": "2024-11-21T05:54:28.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.470",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4",
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en las versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-25144",
"lastModified": "2024-11-21T05:54:26.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:13.203",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-30 17:15
Modified
2024-11-21 03:52
Severity ?
Summary
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | w1750d_firmware | * | |
| siemens | w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2CC454-39A5-4D56-BB87-DF9B48303FFB",
"versionEndExcluding": "4.2.4.12",
"versionStartIncluding": "4.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "615BA62B-7BA9-43DA-A4A8-E83F81513EC3",
"versionEndExcluding": "6.5.4.11",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B16A6954-EB81-4BB4-B612-D02415AEE765",
"versionEndExcluding": "8.3.0.6",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "715B7F25-4EFA-4BA6-995B-9E84C59116EC",
"versionEndExcluding": "8.4.0.1",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBFE706-F452-4018-85AE-855B971CE206",
"versionEndExcluding": "8.4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF5733F-79FB-4EBB-AC5B-BA4B75A80AB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
},
{
"lang": "es",
"value": "Aruba Instant versiones 4.x anteriores a la versi\u00f3n 6.4.4.8-4.2.4.12, versiones 6.5.x anteriores a la versi\u00f3n 6.5.4.11, versiones 8.3.x anteriores a 8.3.0.6 y versiones 8.4.x anteriores a la versi\u00f3n 8.4.0.1, permite una Inyecci\u00f3n de Comandos."
}
],
"id": "CVE-2018-16417",
"lastModified": "2024-11-21T03:52:42.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T17:15:11.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.anquanke.com/vul/id/1652568"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.anquanke.com/vul/id/1652568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 01:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25146",
"lastModified": "2024-11-21T05:54:26.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T01:15:12.737",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad resulta en la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4. 23 y siguientes; Aruba InstantOS 8.6.x: 8.6.0.18 y siguientes; Aruba InstantOS 8.7.x: 8.7.1.9 y siguientes; Aruba InstantOS 8.10.x: 8.10.0.1 y siguientes; ArubaOS 10.3.x: 10.3.1.0 y siguientes; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37893",
"lastModified": "2024-11-21T07:15:19.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:12.597",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticado en el manejo de determinadas cadenas SSID por Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del AP afectado de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37895",
"lastModified": "2024-11-21T07:15:19.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:13.040",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer no autenticado en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8.6.x: 8.6. 0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37891",
"lastModified": "2024-11-21T07:15:19.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.430",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:15
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2020-24636",
"lastModified": "2024-11-21T05:15:18.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:12.813",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25162",
"lastModified": "2024-11-21T05:54:28.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.987",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37885",
"lastModified": "2024-11-21T07:15:18.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.067",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37889",
"lastModified": "2024-11-21T07:15:19.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.307",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10 podr\u00eda permitir a un atacante remoto conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de la interfaz. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de una v\u00edctima en el contexto de la interfaz afectada de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37896",
"lastModified": "2024-11-21T07:15:19.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:13.207",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el manejo de determinadas cadenas SSID por parte de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad resulta en la capacidad de interrumpir la operaci\u00f3n normal del AP afectado de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37894",
"lastModified": "2024-11-21T07:15:19.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:12.887",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594125E5-3B50-4D78-A36E-377D637E3F7B",
"versionEndIncluding": "6.4.4.8-4.2.4.17",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4",
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2019-5319",
"lastModified": "2024-11-21T04:44:44.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.093",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 00:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69D1D-F180-4E4D-A76B-7459684D410B",
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25148",
"lastModified": "2024-11-21T05:54:26.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T00:15:12.643",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 01:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69D1D-F180-4E4D-A76B-7459684D410B",
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25150",
"lastModified": "2024-11-21T05:54:27.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T01:15:12.800",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-13 01:29
Modified
2024-11-21 03:10
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wolfssl | wolfssl | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - | |
| arubanetworks | instant | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2A9A14-1B1B-4DE6-8FED-52D9AB890B80",
"versionEndExcluding": "3.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A40BE1-05C5-4755-BDE9-17BA6A4F1953",
"versionEndExcluding": "8.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1985B038-1E77-4629-A52C-F0ACD78AF7FE",
"versionEndExcluding": "6.5.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\""
},
{
"lang": "es",
"value": "wolfSSL en versiones anteriores a la 3.12.2 proporciona un or\u00e1culo de Bleichenbacher d\u00e9bil cuando se negocia una suite de cifrado TLS que utiliza un intercambio de claves RSA. Un atacante puede recuperar la clave privada desde una aplicaci\u00f3n wolfSSL vulnerable. Esta vulnerabilidad es conocida como \"ROBOT\"."
}
],
"id": "CVE-2017-13099",
"lastModified": "2024-11-21T03:10:58.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T01:29:00.343",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://robotattack.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://robotattack.org/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25159",
"lastModified": "2024-11-21T05:54:28.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.767",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-06 18:16
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:ap-103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45B3C8-D048-4EA8-83DF-F99BDB88894C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF896539-EC3B-4DA0-B955-08E9C7E897EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC40C9-6EF5-4CE9-A74D-A042598899DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEC8F63-AFAF-4C28-81B4-DBEDC3B01339",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF600978-50DE-4534-8063-F064BC68AC1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D34B3C-71E2-44D2-AFC0-253A7B62C386",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "559619E9-DE70-4259-8F79-23CC5ACF6C5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16277CC2-2A9A-44D3-8BC2-C77BE2435D1F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50B5B834-3443-4EA0-98F1-809917EF6904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "198EA730-8E4F-4AF0-ACA2-39B6BC266422",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E897029-8910-4D9B-841E-21B94ACC66DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A62E7C-5B33-461F-B92F-9E4E765A84A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE6FCBF-87BD-484B-BA0B-464DD7666F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88193D54-C8F9-48BC-8541-E0FDECE57828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-303:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F7C91F-FA10-426A-BD14-098F0D06B636",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC166340-BF92-447F-9468-AFB658B7FC3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB70364-2497-487D-AA82-7139B7BA81D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5831B-74AC-4189-87F8-18BC170AC10F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAA199F-9D74-4122-855B-1044C27B84A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-318:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1070A64-2765-4F43-97DE-FD24B08CB802",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F50F4A-80C7-4A32-90F1-C5838ADFE8F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F1C511-B9F7-4499-B33C-8B3D7551537B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-334:-:*:*:*:*:*:*:*",
"matchCriteriaId": "788F8BF1-1AA0-4BB9-BE5E-60575A5ED054",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9725F571-C957-44C7-9ECB-58D888315AA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC18D01-F71E-4200-A585-AB8EDA66F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E235F24-7AAB-49A0-81DA-E3B03290CD45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB66E34-16CC-4CF4-A544-EC7C1BF47386",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-514:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D51F66-864C-4EEE-BC9D-5DC6E3D54D4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5C706F-F87B-4DF7-A85C-54A5229183C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-534:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E4D103-8A2F-4CC9-B51C-0D4AB5F97261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-535:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F96A1322-03A5-461C-A5A1-2102852A719D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F8A98B-6D70-4C8A-9379-FC66B10BAFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0219C4A-855C-4CCC-9C56-499697A91B94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18C831D-4D5C-4A50-8101-2CFB3D1B5210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56700415-4944-4364-B010-213B06526062",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71A1AEEA-F680-4A04-93AD-B232E0E95C5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BD77D5-A2E1-4AFF-AF1B-0D010DC85287",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E43247-386E-42EE-A5E0-F4857B59AE85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3E815C-64FF-4D1D-A029-C0257CE71740",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BF805A-B08D-4728-A0A2-9FC00F5AADAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E75FEF6-1D57-4689-BFB5-32E390A01798",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "994278AA-D708-4A75-AE67-F67A16D1A586",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1C5D34-AD4A-4994-9E53-0F062304F2EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D1E253-FAA4-42CC-8105-4D0502C85E01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E4ED7F-62B7-4BB1-BE92-0CC0C7DBCD96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "851E2D25-705C-4F51-A990-246C2E4D8F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-318:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E128A41C-307F-4A1D-B263-E4150059B76F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4842D72-E733-4166-9604-4AEA6CC2E892",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32EEA27C-3219-4D02-B2D3-973D0DAF0914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-334:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B5F287-EEB8-4C33-99D2-520E217D800C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:rap-108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7069C938-C883-4533-B043-53721566398A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:rap-109:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9AA606-14EE-48DC-BE12-1A0807DFB1E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remoto no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de gesti\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InnstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37888",
"lastModified": "2024-11-21T07:15:18.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-06T18:16:05.287",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Vendor Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de lectura remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25158",
"lastModified": "2024-11-21T05:54:28.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.673",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80421624-CABE-45F8-9B05-2F7B2DCC36E0",
"versionEndExcluding": "6.5.4.16",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7204DFE4-A95D-4D06-8435-C01A3DB4E9BA",
"versionEndExcluding": "8.3.0.12",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "510D1437-FE00-4B6C-8561-07EDC058EE92",
"versionEndExcluding": "8.4.0.6",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n local en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.15 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.4.x: 8.4.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba, ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2019-5317",
"lastModified": "2024-11-21T04:44:44.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T16:15:12.600",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer no autenticadas en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8.6.x: 8.6. 0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37890",
"lastModified": "2024-11-21T07:15:19.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.363",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site scripting (xss) remota en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25161",
"lastModified": "2024-11-21T05:54:28.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.937",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37887",
"lastModified": "2024-11-21T07:15:18.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.237",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 00:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de divulgaci\u00f3n remota de informaci\u00f3n no autorizada en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25145",
"lastModified": "2024-11-21T05:54:26.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T00:15:12.580",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C26250B-FA0B-4DEA-A3CD-701465A89A2E",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7D09D1-F5E2-4CD8-A50F-97CD6A800106",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de lectura remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25157",
"lastModified": "2024-11-21T05:54:28.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.580",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:15
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2020-24635",
"lastModified": "2024-11-21T05:15:18.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:12.750",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25160",
"lastModified": "2024-11-21T05:54:28.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.860",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 00:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4",
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25149",
"lastModified": "2024-11-21T05:54:26.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T00:15:12.707",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}