All the vulnerabilites related to arubanetworks - sd-wan
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level." } ], "id": "CVE-2023-35976", "lastModified": "2024-11-21T08:09:05.690", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.650", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22750", "lastModified": "2024-11-21T07:45:21.200", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.620", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \n\n" }, { "lang": "es", "value": "Existe una vulnerabilidad en bootloader de ArubaOS en los controladores de la serie 7xxx que puede provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un sistema afectado. Un atacante exitoso puede causar un bloqueo del sistema que solo puede resolverse mediante un ciclo de encendido del controlador afectado." } ], "id": "CVE-2022-37907", "lastModified": "2024-11-21T07:15:21.517", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.120", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22749", "lastModified": "2024-11-21T07:45:21.070", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.560", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - | |
arubanetworks | sd-wan | * | |
arubanetworks | sd-wan | * | |
arubanetworks | 9004 | - | |
arubanetworks | 9004-lte | - | |
arubanetworks | 9012 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "54105104-BEC9-4E17-BE32-96F2111310F1", "versionEndExcluding": "8.5.0.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271", "versionEndExcluding": "8.7.1.0", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A", "versionEndExcluding": "2.1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4", "versionEndExcluding": "2.2.0.1", "versionStartIncluding": "2.2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." }, { "lang": "es", "value": "Dos vulnerabilidades en la implementaci\u00f3n de ArubaOS GRUB2 permiten a un atacante omitir el arranque seguro.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda conllevar a un compromiso remoto de la integridad del sistema al permitir a un atacante cargar un kernel modificado o no confiable en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y anteriores;\u0026#xa0;6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo;\u0026#xa0;6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo" } ], "id": "CVE-2020-24637", "lastModified": "2024-11-21T05:15:18.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-11T02:15:11.117", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22763", "lastModified": "2024-11-21T07:45:22.727", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.500", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "id": "CVE-2023-22758", "lastModified": "2024-11-21T07:45:22.140", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.170", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22765", "lastModified": "2024-11-21T07:45:22.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.637", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n" } ], "id": "CVE-2023-22776", "lastModified": "2024-11-21T07:45:24.307", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.473", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22768", "lastModified": "2024-11-21T07:45:23.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.833", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller." } ], "id": "CVE-2023-35979", "lastModified": "2024-11-21T08:09:06.043", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.863", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37912", "lastModified": "2024-11-21T07:15:22.153", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.440", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated remote command injection vulnerability\u00a0exists in the ArubaOS web-based management interface.\u00a0Successful exploitation of this vulnerability results in the\u00a0ability to execute arbitrary commands as a privileged user\u00a0on the underlying operating system. This allows an attacker\u00a0to fully compromise the underlying operating system on the\u00a0device running ArubaOS." } ], "id": "CVE-2023-35972", "lastModified": "2024-11-21T08:09:05.240", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.367", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F", "versionEndExcluding": "8.7.0.0-2.3.0.7", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96", "versionEndExcluding": "6.5.4.23", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468", "versionEndExcluding": "8.6.0.18", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246", "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37900", "lastModified": "2024-11-21T07:15:20.537", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.677", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\n\n" }, { "lang": "es", "value": "Un atacante autenticado puede afectar la integridad del gestor de arranque de ArubaOS en los controladores de la serie 7xxx. Una explotaci\u00f3n exitosa puede comprometer la cadena de confianza del hardware en el controlador afectado." } ], "id": "CVE-2022-37908", "lastModified": "2024-11-21T07:15:21.647", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.187", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - | |
arubanetworks | sd-wan | * | |
arubanetworks | sd-wan | * | |
arubanetworks | 9004 | - | |
arubanetworks | 9004-lte | - | |
arubanetworks | 9012 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE1BBC46-36EA-47DE-9173-707A23325F1A", "versionEndExcluding": "6.4.4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "66C41F7C-BB41-449A-B030-C029E33AD041", "versionEndExcluding": "6.5.4.18", "versionStartIncluding": "6.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "65383999-0515-4646-9510-677D33ECBB11", "versionEndExcluding": "8.2.2.10", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0", "versionEndExcluding": "8.3.0.14", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "419BC61F-B002-4848-BB6B-51CA15C8E6F2", "versionEndExcluding": "8.5.0.11", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271", "versionEndExcluding": "8.7.1.0", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A", "versionEndExcluding": "2.1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4", "versionEndExcluding": "2.2.0.1", "versionStartIncluding": "2.2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." }, { "lang": "es", "value": "Se presentan m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticada mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP (8211) de PAPI (protocolo de administraci\u00f3n Aruba Networks AP) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo" } ], "id": "CVE-2020-24633", "lastModified": "2024-11-21T05:15:17.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-11T02:15:10.943", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | - | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE", "versionEndExcluding": "6.4.4.25", "versionStartIncluding": "6.4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5", "versionEndExcluding": "6.5.4.20", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A", "versionEndExcluding": "8.5.0.13", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28", "versionEndExcluding": "8.6.0.9", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052", "versionEndExcluding": "8.7.1.4", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37721", "lastModified": "2024-11-21T06:15:48.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.773", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system." } ], "id": "CVE-2023-35973", "lastModified": "2024-11-21T08:09:05.360", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.437", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system." } ], "id": "CVE-2023-35974", "lastModified": "2024-11-21T08:09:05.470", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.507", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n" } ], "id": "CVE-2023-22778", "lastModified": "2024-11-21T07:45:24.553", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.657", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22764", "lastModified": "2024-11-21T07:45:22.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.573", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F", "versionEndExcluding": "8.7.0.0-2.3.0.7", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96", "versionEndExcluding": "6.5.4.23", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468", "versionEndExcluding": "8.6.0.18", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246", "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37902", "lastModified": "2024-11-21T07:15:20.840", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.797", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "id": "CVE-2023-22747", "lastModified": "2024-11-21T07:45:20.813", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.427", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "id": "CVE-2023-22752", "lastModified": "2024-11-21T07:45:21.440", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.760", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n" }, { "lang": "es", "value": "Existen vulnerabilidades en ArubaOS que se ejecutan en controladores de la serie 7xxx que permiten a un atacante ejecutar c\u00f3digo arbitrario durante la secuencia de inicio. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante lograr una modificaci\u00f3n permanente del sistema operativo subyacente." } ], "id": "CVE-2022-37905", "lastModified": "2024-11-21T07:15:21.260", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.990", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22757", "lastModified": "2024-11-21T07:45:22.030", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.100", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n" } ], "id": "CVE-2023-22774", "lastModified": "2024-11-21T07:45:24.070", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.253", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22767", "lastModified": "2024-11-21T07:45:23.220", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.767", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level." } ], "id": "CVE-2023-35977", "lastModified": "2024-11-21T08:09:05.807", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.720", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "id": "CVE-2023-22759", "lastModified": "2024-11-21T07:45:22.257", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.233", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | - | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4898E07E-05BF-4673-B41E-151EEADE72B5", "versionEndExcluding": "2.2.0.6", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F", "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052", "versionEndExcluding": "8.7.1.4", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.6; anteriores a 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37717", "lastModified": "2024-11-21T06:15:47.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.593", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | sd-wan | - | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | * | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE", "versionEndExcluding": "6.4.4.25", "versionStartIncluding": "6.4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C3FC66C-10CD-461B-A269-1D5636D19787", "versionEndExcluding": "6.5.4.19", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F", "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28", "versionEndExcluding": "8.6.0.9", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C10C5D56-D66D-4FAE-8FDA-6CF759F65215", "versionEndExcluding": "8.7.1.3", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A", "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37729", "lastModified": "2024-11-21T06:15:49.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:08.030", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\n\n" }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad resulta en una Denegaci\u00f3n de Servicio (DoS) en el sistema afectado." } ], "id": "CVE-2022-37910", "lastModified": "2024-11-21T07:15:21.910", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.317", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "id": "CVE-2023-22751", "lastModified": "2024-11-21T07:45:21.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.690", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n" } ], "id": "CVE-2023-22773", "lastModified": "2024-11-21T07:45:23.937", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.167", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n" } ], "id": "CVE-2023-22775", "lastModified": "2024-11-21T07:45:24.193", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.330", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n" } ], "id": "CVE-2023-22777", "lastModified": "2024-11-21T07:45:24.437", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.563", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F", "versionEndExcluding": "8.7.0.0-2.3.0.7", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96", "versionEndExcluding": "6.5.4.23", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468", "versionEndExcluding": "8.6.0.18", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246", "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37898", "lastModified": "2024-11-21T07:15:20.253", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.547", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22755", "lastModified": "2024-11-21T07:45:21.787", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.967", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F", "versionEndExcluding": "8.7.0.0-2.3.0.7", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96", "versionEndExcluding": "6.5.4.23", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468", "versionEndExcluding": "8.6.0.18", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246", "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37901", "lastModified": "2024-11-21T07:15:20.683", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.737", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22748", "lastModified": "2024-11-21T07:45:20.940", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.493", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n" }, { "lang": "es", "value": "Aruba ha identificado ciertas configuraciones de ArubaOS que pueden dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial de los ESSID configurados. Los escenarios en los que puede ocurrir la divulgaci\u00f3n de informaci\u00f3n potencialmente confidencial son complejos y dependen de factores que escapan al control de los atacantes." } ], "id": "CVE-2022-37909", "lastModified": "2024-11-21T07:15:21.787", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.247", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "id": "CVE-2023-22760", "lastModified": "2024-11-21T07:45:22.380", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.300", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F", "versionEndExcluding": "8.7.0.0-2.3.0.7", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96", "versionEndExcluding": "6.5.4.23", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468", "versionEndExcluding": "8.6.0.18", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246", "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.\n\n" }, { "lang": "es", "value": "Existe una vulnerabilidad que permite a un atacante autenticado sobrescribir un archivo arbitrario con contenido controlado por el atacante a trav\u00e9s de la interfaz web. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda comprometer completamente el sistema operativo del host subyacente." } ], "id": "CVE-2022-37903", "lastModified": "2024-11-21T07:15:20.970", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.863", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22770", "lastModified": "2024-11-21T07:45:23.573", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.963", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in ArubaOS could allow an unauthenticated\u00a0remote attacker to conduct a reflected cross-site scripting\u00a0(XSS) attack against a user of the web-based management\u00a0interface. A successful exploit could allow an attacker to\u00a0execute arbitrary script code in a victim\u0027s browser in the\u00a0context of the affected interface." } ], "id": "CVE-2023-35978", "lastModified": "2024-11-21T08:09:05.930", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.790", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22766", "lastModified": "2024-11-21T07:45:23.100", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.700", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | * | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7025607-CDA9-4A3A-BB64-93C2B5E77DBD", "versionEndExcluding": "8.3.0.15", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F", "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7", "versionEndExcluding": "8.6.0.8", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066", "versionEndExcluding": "8.7.1.2", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A", "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de desbordamiento de b\u00fafer remoto en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37716", "lastModified": "2024-11-21T06:15:47.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.533", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\n" } ], "id": "CVE-2023-22772", "lastModified": "2024-11-21T07:45:23.823", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.100", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22753", "lastModified": "2024-11-21T07:45:21.560", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.823", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" }, { "lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos no autenticada que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (Aruba Networks AP management protocol). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37897", "lastModified": "2024-11-21T07:15:20.093", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.490", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22762", "lastModified": "2024-11-21T07:45:22.603", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.433", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F", "versionEndExcluding": "8.7.0.0-2.3.0.7", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96", "versionEndExcluding": "6.5.4.23", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468", "versionEndExcluding": "8.6.0.18", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246", "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB", "versionEndIncluding": "8.9.0.3", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" }, { "lang": "es", "value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "id": "CVE-2022-37899", "lastModified": "2024-11-21T07:15:20.400", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.617", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE", "versionEndExcluding": "6.4.4.25", "versionStartIncluding": "6.4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5", "versionEndExcluding": "6.5.4.20", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A", "versionEndExcluding": "8.5.0.13", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28", "versionEndExcluding": "8.6.0.9", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052", "versionEndExcluding": "8.7.1.4", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37719", "lastModified": "2024-11-21T06:15:47.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.680", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u00a0conduct a stored cross-site scripting (XSS) attack against a\u00a0user of the interface. A successful exploit could\u00a0allow an attacker to execute arbitrary script code in a\u00a0victim\u0027s browser in the context of the affected interface." } ], "id": "CVE-2023-35971", "lastModified": "2024-11-21T08:09:05.070", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 6.0, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.277", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | * | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7025607-CDA9-4A3A-BB64-93C2B5E77DBD", "versionEndExcluding": "8.3.0.15", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F", "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7", "versionEndExcluding": "8.6.0.8", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066", "versionEndExcluding": "8.7.1.2", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C84533A-21E7-4338-BF5C-45FA14B2F42B", "versionEndExcluding": "8.8.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A", "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de tipo cross-site request forgery (csrf) remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37725", "lastModified": "2024-11-21T06:15:48.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.940", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | - | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE", "versionEndExcluding": "6.4.4.25", "versionStartIncluding": "6.4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5", "versionEndExcluding": "6.5.4.20", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A", "versionEndExcluding": "8.5.0.13", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28", "versionEndExcluding": "8.6.0.9", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052", "versionEndExcluding": "8.7.1.4", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37722", "lastModified": "2024-11-21T06:15:48.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.813", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "id": "CVE-2023-22761", "lastModified": "2024-11-21T07:45:22.497", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.367", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066", "versionEndExcluding": "8.6.0.21", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C", "versionEndExcluding": "8.10.0.7", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997", "versionEndExcluding": "8.11.1.1", "versionStartIncluding": "8.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC", "versionEndExcluding": "10.4.0.2", "versionStartIncluding": "10.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800", "vulnerable": false }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system." } ], "id": "CVE-2023-35975", "lastModified": "2024-11-21T08:09:05.573", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-05T15:15:09.580", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - | |
arubanetworks | 9004 | - | |
arubanetworks | 9004-lte | - | |
arubanetworks | 9012 | - | |
siemens | scalance_w1750d_firmware | * | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7025607-CDA9-4A3A-BB64-93C2B5E77DBD", "versionEndExcluding": "8.3.0.15", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F", "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7", "versionEndExcluding": "8.6.0.8", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066", "versionEndExcluding": "8.7.1.2", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A", "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de salto de ruta local en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37731", "lastModified": "2024-11-21T06:15:49.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:08.070", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.\n\n" }, { "lang": "es", "value": "Existe una vulnerabilidad de path traversal autenticada en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de la vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente." } ], "id": "CVE-2022-37906", "lastModified": "2024-11-21T07:15:21.393", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.060", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - | |
arubanetworks | sd-wan | * | |
arubanetworks | sd-wan | * | |
arubanetworks | 9004 | - | |
arubanetworks | 9004-lte | - | |
arubanetworks | 9012 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49A45927-D609-48E3-A5E5-FEB977F4F58D", "versionEndExcluding": "8.2.2.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0", "versionEndExcluding": "8.3.0.14", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "419BC61F-B002-4848-BB6B-51CA15C8E6F2", "versionEndExcluding": "8.5.0.11", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271", "versionEndExcluding": "8.7.1.0", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A", "versionEndExcluding": "2.1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4", "versionEndExcluding": "2.2.0.1", "versionStartIncluding": "2.2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." }, { "lang": "es", "value": "Un atacante es capaz de inyectar remotamente comandos arbitrarios mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP (8211) de PAPI (protocolo de Aruba Networks AP Management) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo" } ], "id": "CVE-2020-24634", "lastModified": "2024-11-21T05:15:17.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-11T02:15:11.057", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22754", "lastModified": "2024-11-21T07:45:21.670", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:12.897", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22769", "lastModified": "2024-11-21T07:45:23.453", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.900", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Exploit, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | * | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E212ECA7-0194-4C9F-8E88-48C00B2627E8", "versionEndExcluding": "8.5.0.11", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "543031ED-2E5A-4116-8715-AEE4C7E7E743", "versionEndExcluding": "8.6.0.7", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D134CB0-0E6F-4E28-9D75-2C46150A1620", "versionEndExcluding": "8.7.1.1", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A", "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37733", "lastModified": "2024-11-21T06:15:49.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:08.110", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n" } ], "id": "CVE-2023-22771", "lastModified": "2024-11-21T07:45:23.693", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:14.030", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | - | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4898E07E-05BF-4673-B41E-151EEADE72B5", "versionEndExcluding": "2.2.0.6", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F", "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "543031ED-2E5A-4116-8715-AEE4C7E7E743", "versionEndExcluding": "8.6.0.7", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052", "versionEndExcluding": "8.7.1.4", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.6; anteriores a 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37718", "lastModified": "2024-11-21T06:15:47.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.637", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.\n\n" }, { "lang": "es", "value": "Debido a restricciones inadecuadas sobre entidades XML, existen m\u00faltiples vulnerabilidades en la interfaz de l\u00ednea de comandos de ArubaOS. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante autenticado recuperar archivos del sistema local o hacer que la aplicaci\u00f3n consuma recursos del sistema, lo que resultar\u00eda en una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-37911", "lastModified": "2024-11-21T07:15:22.033", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:13.383", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | 10.3.0.0 | |
arubanetworks | 7005 | - | |
arubanetworks | 7008 | - | |
arubanetworks | 7010 | - | |
arubanetworks | 7024 | - | |
arubanetworks | 7030 | - | |
arubanetworks | 7205 | - | |
arubanetworks | 7210 | - | |
arubanetworks | 7220 | - | |
arubanetworks | 7240xm | - | |
arubanetworks | 7280 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16FA1F06-8C2E-4DB6-AE03-48B49ABD967E", "versionEndIncluding": "8.9.03", "versionStartIncluding": "8.8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false }, { "criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n" }, { "lang": "es", "value": "Existen vulnerabilidades en ArubaOS que se ejecutan en controladores de la serie 7xxx que permiten a un atacante ejecutar c\u00f3digo arbitrario durante la secuencia de inicio. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante lograr una modificaci\u00f3n permanente del sistema operativo subyacente." } ], "id": "CVE-2022-37904", "lastModified": "2024-11-21T07:15:21.130", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T13:15:12.923", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100", "versionEndIncluding": "8.7.0.0-2.3.0.8", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "id": "CVE-2023-22756", "lastModified": "2024-11-21T07:45:21.917", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:13.033", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | - | |
siemens | scalance_w1750d | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE", "versionEndExcluding": "6.4.4.25", "versionStartIncluding": "6.4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5", "versionEndExcluding": "6.5.4.20", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4", "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A", "versionEndExcluding": "8.5.0.13", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28", "versionEndExcluding": "8.6.0.9", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052", "versionEndExcluding": "8.7.1.4", "versionStartIncluding": "8.7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad" } ], "id": "CVE-2021-37720", "lastModified": "2024-11-21T06:15:47.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-07T13:15:07.723", "references": [ { "source": "security-alert@hpe.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "security-alert@hpe.com", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-22766
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22766", "datePublished": "2023-02-28T16:48:00.530Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37722
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:39", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37722", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote arbitrary command execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37722", "datePublished": "2021-09-07T12:09:31", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37900
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37900", "datePublished": "2022-11-03T18:56:36.481Z", "dateReserved": "2022-08-08T18:45:22.549Z", "dateUpdated": "2024-08-03T10:37:42.504Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35978
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35978", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:07:02.071788Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:11:25.552Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "haidv35 from Viettel Cyber Security" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability in ArubaOS could allow an unauthenticated\u0026nbsp;remote attacker to conduct a reflected cross-site scripting\u0026nbsp;(XSS) attack against a user of the web-based management\u0026nbsp;interface. A successful exploit could allow an attacker to\u0026nbsp;execute arbitrary script code in a victim\u0027s browser in the\u0026nbsp;context of the affected interface." } ], "value": "A vulnerability in ArubaOS could allow an unauthenticated\u00a0remote attacker to conduct a reflected cross-site scripting\u00a0(XSS) attack against a user of the web-based management\u00a0interface. A successful exploit could allow an attacker to\u00a0execute arbitrary script code in a victim\u0027s browser in the\u00a0context of the affected interface." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:49:00.807Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35978", "datePublished": "2023-07-05T14:49:00.807Z", "dateReserved": "2023-06-20T18:41:22.737Z", "dateUpdated": "2024-10-21T21:11:25.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22749
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Multiple Unauthenticated Command Injections in the PAPI Protocol", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22749", "datePublished": "2023-02-28T16:05:47.658Z", "dateReserved": "2023-01-06T15:24:20.502Z", "dateUpdated": "2024-08-02T10:20:30.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22778
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Phil Purviance (@superevr)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003cbr\u003e" } ], "value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Stored Cross-Site Scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22778", "datePublished": "2023-02-28T17:05:56.186Z", "dateReserved": "2023-01-06T15:24:20.509Z", "dateUpdated": "2024-08-02T10:20:30.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22763
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22763", "datePublished": "2023-02-28T16:46:58.281Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22764
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22764", "datePublished": "2023-02-28T16:47:14.005Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37907
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:41.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \u003c/p\u003e" } ], "value": "A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37907", "datePublished": "2022-11-03T19:22:49.990Z", "dateReserved": "2022-08-08T18:45:22.551Z", "dateUpdated": "2024-08-03T10:37:41.865Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22752
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22752", "datePublished": "2023-02-28T16:30:06.487Z", "dateReserved": "2023-01-06T15:24:20.503Z", "dateUpdated": "2024-08-02T10:20:30.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24633
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us | x_refsource_CONFIRM |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | Aruba 9000 Gateway |
Version: 2.1.0.1 Version: 2.2.0.0 and below |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba 9000 Gateway", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.1.0.1" }, { "status": "affected", "version": "2.2.0.0 and below" } ] }, { "product": "Aruba 7000 Series Mobility Controllers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.4.4.23" }, { "status": "affected", "version": "6.5.4.17" }, { "status": "affected", "version": "8.2.2.9" }, { "status": "affected", "version": "8.3.0.13" }, { "status": "affected", "version": "8.5.0.10" }, { "status": "affected", "version": "8.6.0.5" }, { "status": "affected", "version": "8.7.0.0 and below" } ] }, { "product": "Aruba 7200 Series Mobility Controllers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.4.4.23" }, { "status": "affected", "version": "6.5.4.17" }, { "status": "affected", "version": "8.2.2.9" }, { "status": "affected", "version": "8.3.0.13" }, { "status": "affected", "version": "8.5.0.10" }, { "status": "affected", "version": "8.6.0.5" }, { "status": "affected", "version": "8.7.0.0 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." } ], "problemTypes": [ { "descriptions": [ { "description": "remote buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-11T01:26:14", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-24633", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba 9000 Gateway", "version": { "version_data": [ { "version_value": "2.1.0.1" }, { "version_value": "2.2.0.0 and below" } ] } }, { "product_name": "Aruba 7000 Series Mobility Controllers", "version": { "version_data": [ { "version_value": "6.4.4.23" }, { "version_value": "6.5.4.17" }, { "version_value": "8.2.2.9" }, { "version_value": "8.3.0.13" }, { "version_value": "8.5.0.10" }, { "version_value": "8.6.0.5" }, { "version_value": "8.7.0.0 and below" } ] } }, { "product_name": "Aruba 7200 Series Mobility Controllers", "version": { "version_data": [ { "version_value": "6.4.4.23" }, { "version_value": "6.5.4.17" }, { "version_value": "8.2.2.9" }, { "version_value": "8.3.0.13" }, { "version_value": "8.5.0.10" }, { "version_value": "8.6.0.5" }, { "version_value": "8.7.0.0 and below" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-24633", "datePublished": "2020-12-11T01:26:14", "dateReserved": "2020-08-25T00:00:00", "dateUpdated": "2024-08-04T15:19:09.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22774
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:31.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e" } ], "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22774", "datePublished": "2023-02-28T16:57:05.728Z", "dateReserved": "2023-01-06T15:24:20.508Z", "dateUpdated": "2024-08-02T10:20:31.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22777
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nikita Abramov" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\u003cbr\u003e" } ], "value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Information Disclosure in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22777", "datePublished": "2023-02-28T17:04:20.522Z", "dateReserved": "2023-01-06T15:24:20.509Z", "dateUpdated": "2024-08-02T10:20:30.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22759
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": " Daniel Jensen (@dozernz)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22759", "datePublished": "2023-02-28T16:41:28.980Z", "dateReserved": "2023-01-06T15:24:20.504Z", "dateUpdated": "2024-08-02T10:20:30.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37721
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:13", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote arbitrary command execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37721", "datePublished": "2021-09-07T12:35:27", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22768
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Daniel Jensen (@dozernz)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22768", "datePublished": "2023-02-28T16:49:39.531Z", "dateReserved": "2023-01-06T15:24:20.506Z", "dateUpdated": "2024-08-02T10:20:30.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35973
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:41.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35973", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:40:20.723913Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:40:45.590Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in\u0026nbsp;the ArubaOS command line interface. Successful exploitation\u0026nbsp;of these vulnerabilities result in the ability to execute\u0026nbsp;arbitrary commands as a privileged user on the underlying\u0026nbsp;operating system." } ], "value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:45:39.756Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35973", "datePublished": "2023-07-05T14:45:39.756Z", "dateReserved": "2023-06-20T18:41:22.736Z", "dateUpdated": "2024-12-04T15:40:45.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22755
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Haoliang Lu at the WuHeng Lab of ByteDance" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:52:59.218Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22755", "datePublished": "2023-02-28T16:35:24.079Z", "dateReserved": "2023-01-06T15:24:20.504Z", "dateUpdated": "2024-08-02T10:20:30.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22747
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Multiple Unauthenticated Command Injections in the PAPI Protocol", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22747", "datePublished": "2023-02-28T15:47:31.864Z", "dateReserved": "2023-01-06T15:24:20.502Z", "dateUpdated": "2024-08-02T10:20:30.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37910
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\u003c/p\u003e" } ], "value": "A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37910", "datePublished": "2022-11-03T19:34:02.983Z", "dateReserved": "2022-08-08T18:45:22.552Z", "dateUpdated": "2024-08-03T10:37:42.519Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37717
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.6 Version: Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.6" }, { "status": "affected", "version": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:35", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.6" }, { "version_value": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote arbitrary command execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37717", "datePublished": "2021-09-07T12:05:19", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35979
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35979", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:35:07.055934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:36:27.642Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "the technical staff at Northwestern University" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There is an unauthenticated buffer overflow vulnerability\u0026nbsp;in the process controlling the ArubaOS web-based management\u0026nbsp;interface. Successful exploitation of this vulnerability\u0026nbsp;results in a Denial-of-Service (DoS) condition affecting the\u0026nbsp;web-based management interface of the controller." } ], "value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:50:10.736Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35979", "datePublished": "2023-07-05T14:50:10.736Z", "dateReserved": "2023-06-20T18:41:22.738Z", "dateUpdated": "2024-12-04T15:36:27.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22761
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nikita Abramov" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22761", "datePublished": "2023-02-28T16:42:41.162Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22762
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22762", "datePublished": "2023-02-28T16:46:03.890Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37912
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37912", "datePublished": "2022-11-03T19:07:36.763Z", "dateReserved": "2022-08-08T18:45:22.552Z", "dateUpdated": "2024-08-03T10:37:42.091Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37720
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:18", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote arbitrary command execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37720", "datePublished": "2021-09-07T12:08:20", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22757
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Haoliang Lu at the WuHeng Lab of ByteDance" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:53:18.778Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22757", "datePublished": "2023-02-28T16:36:54.386Z", "dateReserved": "2023-01-06T15:24:20.504Z", "dateUpdated": "2024-08-02T10:20:30.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35974
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35974", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:39:54.939542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:40:07.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in\u0026nbsp;the ArubaOS command line interface. Successful exploitation\u0026nbsp;of these vulnerabilities result in the ability to execute\u0026nbsp;arbitrary commands as a privileged user on the underlying\u0026nbsp;operating system." } ], "value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:45:43.215Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35974", "datePublished": "2023-07-05T14:45:43.215Z", "dateReserved": "2023-06-20T18:41:22.736Z", "dateUpdated": "2024-12-04T15:40:07.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22751
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22751", "datePublished": "2023-02-28T16:28:42.105Z", "dateReserved": "2023-01-06T15:24:20.503Z", "dateUpdated": "2024-08-02T10:20:30.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37904
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:41.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\u003c/p\u003e" } ], "value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37904", "datePublished": "2022-11-03T19:13:52.272Z", "dateReserved": "2022-08-08T18:45:22.551Z", "dateUpdated": "2024-08-03T10:37:41.950Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22765
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22765", "datePublished": "2023-02-28T16:47:35.008Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24637
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us | x_refsource_CONFIRM |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | Aruba 9000 Gateway |
Version: 2.1.0.1 Version: 2.2.0.0 and below |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba 9000 Gateway", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.1.0.1" }, { "status": "affected", "version": "2.2.0.0 and below" } ] }, { "product": "Aruba 7000 Series Mobility Controllers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.4.4.23" }, { "status": "affected", "version": "6.5.4.17" }, { "status": "affected", "version": "8.2.2.9" }, { "status": "affected", "version": "8.3.0.13" }, { "status": "affected", "version": "8.5.0.10" }, { "status": "affected", "version": "8.6.0.5" }, { "status": "affected", "version": "8.7.0.0 and below" } ] }, { "product": "Aruba 7200 Series Mobility Controllers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.4.4.23" }, { "status": "affected", "version": "6.5.4.17" }, { "status": "affected", "version": "8.2.2.9" }, { "status": "affected", "version": "8.3.0.13" }, { "status": "affected", "version": "8.5.0.10" }, { "status": "affected", "version": "8.6.0.5" }, { "status": "affected", "version": "8.7.0.0 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." } ], "problemTypes": [ { "descriptions": [ { "description": "remote buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-11T01:33:22", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-24637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba 9000 Gateway", "version": { "version_data": [ { "version_value": "2.1.0.1" }, { "version_value": "2.2.0.0 and below" } ] } }, { "product_name": "Aruba 7000 Series Mobility Controllers", "version": { "version_data": [ { "version_value": "6.4.4.23" }, { "version_value": "6.5.4.17" }, { "version_value": "8.2.2.9" }, { "version_value": "8.3.0.13" }, { "version_value": "8.5.0.10" }, { "version_value": "8.6.0.5" }, { "version_value": "8.7.0.0 and below" } ] } }, { "product_name": "Aruba 7200 Series Mobility Controllers", "version": { "version_data": [ { "version_value": "6.4.4.23" }, { "version_value": "6.5.4.17" }, { "version_value": "8.2.2.9" }, { "version_value": "8.3.0.13" }, { "version_value": "8.5.0.10" }, { "version_value": "8.6.0.5" }, { "version_value": "8.7.0.0 and below" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-24637", "datePublished": "2020-12-11T01:33:22", "dateReserved": "2020-08-25T00:00:00", "dateUpdated": "2024-08-04T15:19:09.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22753
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Haoliang Lu at the WuHeng Lab of ByteDance" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:52:33.182Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22753", "datePublished": "2023-02-28T16:33:36.424Z", "dateReserved": "2023-01-06T15:24:20.503Z", "dateUpdated": "2024-08-02T10:20:30.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37906
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.\u003c/p\u003e" } ], "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37906", "datePublished": "2022-11-03T19:18:21.610Z", "dateReserved": "2022-08-08T18:45:22.551Z", "dateUpdated": "2024-08-03T10:37:42.048Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22776
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nicholas Starke of Aruba Threat Labs" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\u003cbr\u003e" } ], "value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22776", "datePublished": "2023-02-28T17:02:51.772Z", "dateReserved": "2023-01-06T15:24:20.509Z", "dateUpdated": "2024-08-02T10:20:30.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35971
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35971", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:07:03.397156Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:11:32.335Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "123ojp (bugcrowd.com/123ojp)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u0026nbsp;conduct a stored cross-site scripting (XSS) attack against a\u0026nbsp;user of the interface. A successful exploit could\u0026nbsp;allow an attacker to execute arbitrary script code in a\u0026nbsp;victim\u0027s browser in the context of the affected interface." } ], "value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u00a0conduct a stored cross-site scripting (XSS) attack against a\u00a0user of the interface. A successful exploit could\u00a0allow an attacker to execute arbitrary script code in a\u00a0victim\u0027s browser in the context of the affected interface." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:43:11.546Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35971", "datePublished": "2023-07-05T14:43:11.546Z", "dateReserved": "2023-06-20T18:41:22.736Z", "dateUpdated": "2024-10-21T21:11:32.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22771
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Mitchell Pompe of Netskope" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\u003cbr\u003e\u003cbr\u003e" } ], "value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Insufficient Session Expiration in ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22771", "datePublished": "2023-02-28T16:53:19.915Z", "dateReserved": "2023-01-06T15:24:20.507Z", "dateUpdated": "2024-08-02T10:20:30.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22754
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Haoliang Lu at the WuHeng Lab of ByteDance" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:52:44.784Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22754", "datePublished": "2023-02-28T16:34:48.324Z", "dateReserved": "2023-01-06T15:24:20.504Z", "dateUpdated": "2024-08-02T10:20:30.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22770
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22770", "datePublished": "2023-02-28T16:51:02.255Z", "dateReserved": "2023-01-06T15:24:20.507Z", "dateUpdated": "2024-08-02T10:20:30.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22773
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e" } ], "value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22773", "datePublished": "2023-02-28T16:56:44.883Z", "dateReserved": "2023-01-06T15:24:20.508Z", "dateUpdated": "2024-08-02T10:20:30.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35972
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35972", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:41:01.720192Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:41:16.557Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Daniel Jensen (@dozernz)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authenticated remote command injection vulnerability\u0026nbsp;exists in the ArubaOS web-based management interface.\u0026nbsp;Successful exploitation of this vulnerability results in the\u0026nbsp;ability to execute arbitrary commands as a privileged user\u0026nbsp;on the underlying operating system. This allows an attacker\u0026nbsp;to fully compromise the underlying operating system on the\u0026nbsp;device running ArubaOS." } ], "value": "An authenticated remote command injection vulnerability\u00a0exists in the ArubaOS web-based management interface.\u00a0Successful exploitation of this vulnerability results in the\u00a0ability to execute arbitrary commands as a privileged user\u00a0on the underlying operating system. This allows an attacker\u00a0to fully compromise the underlying operating system on the\u00a0device running ArubaOS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:44:42.156Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35972", "datePublished": "2023-07-05T14:44:42.156Z", "dateReserved": "2023-06-20T18:41:22.736Z", "dateUpdated": "2024-12-04T15:41:16.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22760
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nikita Abramov" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22760", "datePublished": "2023-02-28T16:42:04.666Z", "dateReserved": "2023-01-06T15:24:20.505Z", "dateUpdated": "2024-08-02T10:20:30.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37905
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:41.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\u003c/p\u003e" } ], "value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37905", "datePublished": "2022-11-03T19:15:18.208Z", "dateReserved": "2022-08-08T18:45:22.551Z", "dateUpdated": "2024-08-03T10:37:41.852Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22772
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nikita Abramov" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e" } ], "value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22772", "datePublished": "2023-02-28T16:55:26.690Z", "dateReserved": "2023-01-06T15:24:20.507Z", "dateUpdated": "2024-08-02T10:20:30.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22758
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22758", "datePublished": "2023-02-28T16:40:37.916Z", "dateReserved": "2023-01-06T15:24:20.504Z", "dateUpdated": "2024-08-02T10:20:30.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37902
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:41.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37902", "datePublished": "2022-11-03T19:05:52.628Z", "dateReserved": "2022-08-08T18:45:22.550Z", "dateUpdated": "2024-08-03T10:37:41.938Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35977
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35977", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:38:07.853419Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:38:20.007Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Vulnerabilities exist which allow an authenticated attacker\u0026nbsp;to access sensitive information on the ArubaOS command line\u0026nbsp;interface. Successful exploitation could allow access to data\u0026nbsp;beyond what is authorized by the users existing privilege\u0026nbsp;level." } ], "value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:47:46.596Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35977", "datePublished": "2023-07-05T14:47:46.596Z", "dateReserved": "2023-06-20T18:41:22.737Z", "dateUpdated": "2024-12-04T15:38:20.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37718
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.6 Version: Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.6" }, { "status": "affected", "version": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:37", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.6" }, { "version_value": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote arbitrary command execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37718", "datePublished": "2021-09-07T12:32:49", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37909
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\u003c/p\u003e" } ], "value": "Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37909", "datePublished": "2022-11-03T19:31:58.258Z", "dateReserved": "2022-08-08T18:45:22.552Z", "dateUpdated": "2024-08-03T10:37:42.394Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37911
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eDue to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.\u003c/p\u003e" } ], "value": "Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37911", "datePublished": "2022-11-03T19:36:47.596Z", "dateReserved": "2022-08-08T18:45:22.552Z", "dateUpdated": "2024-08-03T10:37:42.093Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22756
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Haoliang Lu at the WuHeng Lab of ByteDance" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:53:05.813Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22756", "datePublished": "2023-02-28T16:36:32.538Z", "dateReserved": "2023-01-06T15:24:20.504Z", "dateUpdated": "2024-08-02T10:20:30.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35975
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35975", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:39:28.929227Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:39:41.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authenticated path traversal vulnerability exists in the\u0026nbsp;ArubaOS command line interface. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to delete arbitrary\u0026nbsp;files in the underlying operating system." } ], "value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:46:49.679Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35975", "datePublished": "2023-07-05T14:46:49.679Z", "dateReserved": "2023-06-20T18:41:22.737Z", "dateUpdated": "2024-12-04T15:39:41.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37898
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37898", "datePublished": "2022-11-03T18:23:31.634Z", "dateReserved": "2022-08-08T18:45:22.549Z", "dateUpdated": "2024-08-03T10:37:42.118Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37908
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.105Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\u003c/p\u003e" } ], "value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37908", "datePublished": "2022-11-03T19:29:32.777Z", "dateReserved": "2022-08-08T18:45:22.552Z", "dateUpdated": "2024-08-03T10:37:42.105Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37731
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.0-2.2.0.4 Version: Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:07.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.0-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "local path traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:31", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.0-2.2.0.4" }, { "version_value": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "local path traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37731", "datePublished": "2021-09-07T12:41:13", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:30:07.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37733
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:07.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote path traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:26", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote path traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37733", "datePublished": "2021-09-07T12:38:54", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:30:07.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22767
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Daniel Jensen (@dozernz)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22767", "datePublished": "2023-02-28T16:49:03.354Z", "dateReserved": "2023-01-06T15:24:20.506Z", "dateUpdated": "2024-08-02T10:20:30.363Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37901
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37901", "datePublished": "2022-11-03T19:00:12.293Z", "dateReserved": "2022-08-08T18:45:22.550Z", "dateUpdated": "2024-08-03T10:37:42.183Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22775
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\u003cbr\u003e" } ], "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22775", "datePublished": "2023-02-28T16:58:34.249Z", "dateReserved": "2023-01-06T15:24:20.508Z", "dateUpdated": "2024-08-02T10:20:30.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37903
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.\u003c/p\u003e" } ], "value": "A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37903", "datePublished": "2022-11-03T19:11:02.155Z", "dateReserved": "2022-08-08T18:45:22.550Z", "dateUpdated": "2024-08-03T10:37:42.505Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24634
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us | x_refsource_CONFIRM |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | Aruba 9000 Gateway |
Version: 2.1.0.1 Version: 2.2.0.0 and below |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.075Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba 9000 Gateway", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.1.0.1" }, { "status": "affected", "version": "2.2.0.0 and below" } ] }, { "product": "Aruba 7000 Series Mobility Controllers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.4.4.23" }, { "status": "affected", "version": "6.5.4.17" }, { "status": "affected", "version": "8.2.2.9" }, { "status": "affected", "version": "8.3.0.13" }, { "status": "affected", "version": "8.5.0.10" }, { "status": "affected", "version": "8.6.0.5" }, { "status": "affected", "version": "8.7.0.0 and below" } ] }, { "product": "Aruba 7200 Series Mobility Controllers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.4.4.23" }, { "status": "affected", "version": "6.5.4.17" }, { "status": "affected", "version": "8.2.2.9" }, { "status": "affected", "version": "8.3.0.13" }, { "status": "affected", "version": "8.5.0.10" }, { "status": "affected", "version": "8.6.0.5" }, { "status": "affected", "version": "8.7.0.0 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." } ], "problemTypes": [ { "descriptions": [ { "description": "remote injection of arbitrary commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-11T01:22:50", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-24634", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba 9000 Gateway", "version": { "version_data": [ { "version_value": "2.1.0.1" }, { "version_value": "2.2.0.0 and below" } ] } }, { "product_name": "Aruba 7000 Series Mobility Controllers", "version": { "version_data": [ { "version_value": "6.4.4.23" }, { "version_value": "6.5.4.17" }, { "version_value": "8.2.2.9" }, { "version_value": "8.3.0.13" }, { "version_value": "8.5.0.10" }, { "version_value": "8.6.0.5" }, { "version_value": "8.7.0.0 and below" } ] } }, { "product_name": "Aruba 7200 Series Mobility Controllers", "version": { "version_data": [ { "version_value": "6.4.4.23" }, { "version_value": "6.5.4.17" }, { "version_value": "8.2.2.9" }, { "version_value": "8.3.0.13" }, { "version_value": "8.5.0.10" }, { "version_value": "8.6.0.5" }, { "version_value": "8.7.0.0 and below" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote injection of arbitrary commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-24634", "datePublished": "2020-12-11T01:22:50", "dateReserved": "2020-08-25T00:00:00", "dateUpdated": "2024-08-04T15:19:09.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37716
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:22", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37716", "datePublished": "2021-09-07T12:02:01", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37725
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote cross-site request forgery (csrf)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:20", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37725", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote cross-site request forgery (csrf)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37725", "datePublished": "2021-09-07T12:39:59", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37897
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThere is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e" } ], "value": "There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37897", "datePublished": "2022-11-03T18:12:09.080Z", "dateReserved": "2022-08-08T18:45:22.548Z", "dateUpdated": "2024-08-03T10:37:42.151Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37719
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.4-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-07T12:06:35", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.4-2.2.0.4" }, { "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote arbitrary command execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37719", "datePublished": "2021-09-07T12:06:35", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37899
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:37:42.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [ { "status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T12:11:04.548862Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "cveClient/1.0.13" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-37899", "datePublished": "2022-11-03T18:44:51.309Z", "dateReserved": "2022-08-08T18:45:22.549Z", "dateUpdated": "2024-08-03T10:37:42.537Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22769
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:31.068Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22769", "datePublished": "2023-02-28T16:50:46.657Z", "dateReserved": "2023-01-06T15:24:20.506Z", "dateUpdated": "2024-08-02T10:20:31.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22750
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Multiple Unauthenticated Command Injections in the PAPI Protocol", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22750", "datePublished": "2023-02-28T16:09:16.831Z", "dateReserved": "2023-01-06T15:24:20.503Z", "dateUpdated": "2024-08-02T10:20:30.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35976
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:37:40.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35976", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T15:38:41.712067Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:39:11.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below" }, { "status": "affected", "version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below" }, { "status": "affected", "version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below" }, { "status": "affected", "version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-07-11T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Vulnerabilities exist which allow an authenticated attacker\u0026nbsp;to access sensitive information on the ArubaOS command line\u0026nbsp;interface. Successful exploitation could allow access to data\u0026nbsp;beyond what is authorized by the users existing privilege\u0026nbsp;level." } ], "value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T14:47:43.236Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-35976", "datePublished": "2023-07-05T14:47:43.236Z", "dateReserved": "2023-06-20T18:41:22.737Z", "dateUpdated": "2024-12-04T15:39:11.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37729
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.0-2.2.0.4 Version: Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:07.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to 8.6.0.0-2.2.0.4" }, { "status": "affected", "version": "Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "remote path traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T11:06:41", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-37729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", "version": { "version_data": [ { "version_value": "Prior to 8.6.0.0-2.2.0.4" }, { "version_value": "Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote path traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-37729", "datePublished": "2021-09-07T12:37:41", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:30:07.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22748
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [ { "status": "affected", "version": "ArubaOS 8.6.x.x: 8.6.0.19 and below" }, { "status": "affected", "version": "ArubaOS 8.10.x.x: 8.10.0.4 and below" }, { "status": "affected", "version": "ArubaOS 10.3.x.x: 10.3.1.0 and below" }, { "status": "affected", "version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik de Jong (bugcrowd.com/erikdejong)" } ], "datePublic": "2023-02-28T21:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe" }, "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt" } ], "source": { "discovery": "UNKNOWN" }, "title": "Multiple Unauthenticated Command Injections in the PAPI Protocol", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2023-22748", "datePublished": "2023-02-28T15:59:17.666Z", "dateReserved": "2023-01-06T15:24:20.502Z", "dateUpdated": "2024-08-02T10:20:30.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202109-1856
Vulnerability from variot
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1856", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.5.0.0" }, { "model": "sd-wan", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "2.2.0.4" }, { "model": "sd-wan", "scope": "eq", "trust": 1.0, "vendor": "arubanetworks", "version": null }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "6.4.4.25" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.3.0.16" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.6.0.9" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.5.0.12" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.6.0.0" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.7.0.0" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "6.4.4.0" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.3.0.0" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "6.5.4.0" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.7.1.3" }, { "model": "sd-wan", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "2.2.0.0" }, { "model": "scalance w1750d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.7.1.3" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "6.5.4.19" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37729" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.4.4.25", "versionStartIncluding": "6.4.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.5.4.19", "versionStartIncluding": "6.5.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.0.9", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37729" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-003" } ], "trust": 0.6 }, "cve": "CVE-2021-37729", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2021-37729", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.1, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2021-37729", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-37729", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202109-003", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-37729", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37729" }, { "db": "CNNVD", "id": "CNNVD-202109-003" }, { "db": "VULMON", "id": "CVE-2021-37729" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2021-37729" }, { "db": "VULMON", "id": "CVE-2021-37729" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-280624", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2021-37729", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2021.3458", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-287-07", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202109-003", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-37729", "trust": 0.1 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37729" }, { "db": "CNNVD", "id": "CNNVD-202109-003" }, { "db": "VULMON", "id": "CVE-2021-37729" } ] }, "id": "VAR-202109-1856", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5113372 }, "last_update_date": "2021-12-18T13:07:33.391000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Aruba Operating System Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161706" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=c44c0d619aeb7aae33cdaba2bcaae31b" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-003" }, { "db": "VULMON", "id": "CVE-2021-37729" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37729" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-016.txt" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-287-07" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/arubaos-multiple-vulnerabilities-36283" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3458" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37729" }, { "db": "CNNVD", "id": "CNNVD-202109-003" }, { "db": "VULMON", "id": "CVE-2021-37729" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-37729" }, { "db": "CNNVD", "id": "CNNVD-202109-003" }, { "db": "VULMON", "id": "CVE-2021-37729" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-07T13:15:00", "db": "NVD", "id": "CVE-2021-37729" }, { "date": "2021-09-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-003" }, { "date": "2021-09-07T00:00:00", "db": "VULMON", "id": "CVE-2021-37729" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-26T21:37:00", "db": "NVD", "id": "CVE-2021-37729" }, { "date": "2021-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-003" }, { "date": "2021-10-12T00:00:00", "db": "VULMON", "id": "CVE-2021-37729" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-003" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Aruba Operating System Path traversal vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-003" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-003" } ], "trust": 0.6 } }
var-202109-1855
Vulnerability from variot
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1855", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.3.0.15" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.5.0.0" }, { "model": "sd-wan", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "2.2.0.4" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.5.0.12" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.6.0.0" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.7.0.0" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.7.1.2" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.3.0.0" }, { "model": "sd-wan", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "2.2.0.0" }, { "model": "scalance w1750d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.7.1.3" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.6.0.8" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37731" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3.0.15", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.0.8", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.2", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3.0.15", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5.0.12", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.0.8", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.2", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37731" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-002" } ], "trust": 0.6 }, "cve": "CVE-2021-37731", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2021-37731", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.1, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.3, "id": "CVE-2021-37731", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-37731", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202109-002", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-37731", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37731" }, { "db": "CNNVD", "id": "CNNVD-202109-002" }, { "db": "VULMON", "id": "CVE-2021-37731" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2021-37731" }, { "db": "VULMON", "id": "CVE-2021-37731" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-280624", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2021-37731", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2021.3458", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-287-07", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202109-002", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-37731", "trust": 0.1 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37731" }, { "db": "CNNVD", "id": "CNNVD-202109-002" }, { "db": "VULMON", "id": "CVE-2021-37731" } ] }, "id": "VAR-202109-1855", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5113372 }, "last_update_date": "2021-12-18T13:23:45.894000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Aruba Operating System Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161705" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=c44c0d619aeb7aae33cdaba2bcaae31b" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-002" }, { "db": "VULMON", "id": "CVE-2021-37731" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37731" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-016.txt" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-287-07" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/arubaos-multiple-vulnerabilities-36283" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3458" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37731" }, { "db": "CNNVD", "id": "CNNVD-202109-002" }, { "db": "VULMON", "id": "CVE-2021-37731" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-37731" }, { "db": "CNNVD", "id": "CNNVD-202109-002" }, { "db": "VULMON", "id": "CVE-2021-37731" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-07T13:15:00", "db": "NVD", "id": "CVE-2021-37731" }, { "date": "2021-09-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-002" }, { "date": "2021-09-07T00:00:00", "db": "VULMON", "id": "CVE-2021-37731" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-26T21:37:00", "db": "NVD", "id": "CVE-2021-37731" }, { "date": "2021-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-002" }, { "date": "2021-10-12T00:00:00", "db": "VULMON", "id": "CVE-2021-37731" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Aruba Operating System Path traversal vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-002" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-002" } ], "trust": 0.6 } }
var-202109-1854
Vulnerability from variot
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1854", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.5.0.0" }, { "model": "sd-wan", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "2.2.0.4" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.3.0.16" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.6.0.0" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.7.0.0" }, { "model": "scalance w1750d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.7.1.3" }, { "model": "arubaos", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "8.3.0.0" }, { "model": "sd-wan", "scope": "gte", "trust": 1.0, "vendor": "arubanetworks", "version": "2.2.0.0" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.6.0.7" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.7.1.1" }, { "model": "arubaos", "scope": "lt", "trust": 1.0, "vendor": "arubanetworks", "version": "8.5.0.11" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37733" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3.0.16", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5.0.11", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.0.7", "versionStartIncluding": "8.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.1", "versionStartIncluding": "8.7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0.4", "versionStartIncluding": "2.2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37733" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-004" } ], "trust": 0.6 }, "cve": "CVE-2021-37733", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2021-37733", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.1, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2021-37733", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-37733", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202109-004", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-37733", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37733" }, { "db": "CNNVD", "id": "CNNVD-202109-004" }, { "db": "VULMON", "id": "CVE-2021-37733" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2021-37733" }, { "db": "VULMON", "id": "CVE-2021-37733" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-280624", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2021-37733", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2021.3458", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-287-07", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202109-004", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-37733", "trust": 0.1 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37733" }, { "db": "CNNVD", "id": "CNNVD-202109-004" }, { "db": "VULMON", "id": "CVE-2021-37733" } ] }, "id": "VAR-202109-1854", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5113372 }, "last_update_date": "2021-12-18T13:04:00.617000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Aruba Operating System Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161707" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=c44c0d619aeb7aae33cdaba2bcaae31b" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-004" }, { "db": "VULMON", "id": "CVE-2021-37733" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37733" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-016.txt" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-287-07" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/arubaos-multiple-vulnerabilities-36283" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3458" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37733" }, { "db": "CNNVD", "id": "CNNVD-202109-004" }, { "db": "VULMON", "id": "CVE-2021-37733" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-37733" }, { "db": "CNNVD", "id": "CNNVD-202109-004" }, { "db": "VULMON", "id": "CVE-2021-37733" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-07T13:15:00", "db": "NVD", "id": "CVE-2021-37733" }, { "date": "2021-09-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-004" }, { "date": "2021-09-07T00:00:00", "db": "VULMON", "id": "CVE-2021-37733" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-26T21:37:00", "db": "NVD", "id": "CVE-2021-37733" }, { "date": "2021-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-004" }, { "date": "2021-10-12T00:00:00", "db": "VULMON", "id": "CVE-2021-37733" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-004" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Aruba Operating System Path traversal vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-004" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-004" } ], "trust": 0.6 } }