cvelistv5 - cve-2020-7122

CVE-2020-7122 (GCVE-0-2020-7122)

Vulnerability from cvelistv5 – Published: 2020-09-23 12:35 – Updated: 2024-08-04 09:18

Summary

Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.

Severity ?

No CVSS data available.

CWE

Multiple Memory Corruption Vulnerabilities in the CDP Implementation

Assigner

hpe

References

URL

Tags

https://www.arubanetworks.com/assets/alert/ARUBA-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400	Affected: Firmware 10.04.1000 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware 10.04.1000 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multiple Memory Corruption Vulnerabilities in the CDP Implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-23T12:35:21",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2020-7122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Firmware 10.04.1000 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multiple Memory Corruption Vulnerabilities in the CDP Implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2020-7122",
    "datePublished": "2020-09-23T12:35:21",
    "dateReserved": "2020-01-16T00:00:00",
    "dateUpdated": "2024-08-04T09:18:03.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.04.1000\", \"matchCriteriaId\": \"A132767A-E9B9-477E-BAAF-A831694F1FC4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CB3993F-B4A6-4016-AF0F-82A23FE34063\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.04.1000\", \"matchCriteriaId\": \"36CB053C-FA12-4065-BC40-FFE6E0B25B00\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C32F7E4-E184-4F76-8638-017DF29D2FFB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.04.1000\", \"matchCriteriaId\": \"270EC51F-3CEC-45C1-9E0F-5D38EB550106\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A013EAE-387B-4C35-9D8F-E2200081E18E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.04.1000\", \"matchCriteriaId\": \"CE87AAEE-644E-4699-B639-B4CE94D503A5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.04.1000\", \"matchCriteriaId\": \"9A5483EC-74BF-4C0D-A751-23C9ED42E29A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9645D616-077B-4313-B5EF-155B642CB073\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.04.1000\", \"matchCriteriaId\": \"B2BFEE7A-D4CC-45BF-B277-8C9849A7F616\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4FB7A6B-69C5-45EF-BE61-23BCF5172836\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.\"}, {\"lang\": \"es\", \"value\": \"Se han encontrado dos vulnerabilidades de corrupci\\u00f3n de memoria en Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, y 8400.\u0026#xa0;Una explotaci\\u00f3n con \\u00e9xito de estas vulnerabilidades podr\\u00eda resultar en una Denegaci\\u00f3n de Servicio Local del Proceso CDP (Cisco Discovery Protocol) en el switch.\u0026#xa0;Esto aplica a las versiones de firmware anteriores a 10.04.1000\"}]",
      "id": "CVE-2020-7122",
      "lastModified": "2024-11-21T05:36:40.077",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-09-23T13:15:16.093",
      "references": "[{\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-alert@hpe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7122\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2020-09-23T13:15:16.093\",\"lastModified\":\"2024-11-21T05:36:40.077\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.\"},{\"lang\":\"es\",\"value\":\"Se han encontrado dos vulnerabilidades de corrupci\u00f3n de memoria en Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, y 8400.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades podr\u00eda resultar en una Denegaci\u00f3n de Servicio Local del Proceso CDP (Cisco Discovery Protocol) en el switch.\u0026#xa0;Esto aplica a las versiones de firmware anteriores a 10.04.1000\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.1000\",\"matchCriteriaId\":\"A132767A-E9B9-477E-BAAF-A831694F1FC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB3993F-B4A6-4016-AF0F-82A23FE34063\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.1000\",\"matchCriteriaId\":\"36CB053C-FA12-4065-BC40-FFE6E0B25B00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C32F7E4-E184-4F76-8638-017DF29D2FFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.1000\",\"matchCriteriaId\":\"270EC51F-3CEC-45C1-9E0F-5D38EB550106\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A013EAE-387B-4C35-9D8F-E2200081E18E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.1000\",\"matchCriteriaId\":\"CE87AAEE-644E-4699-B639-B4CE94D503A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.1000\",\"matchCriteriaId\":\"9A5483EC-74BF-4C0D-A751-23C9ED42E29A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9645D616-077B-4313-B5EF-155B642CB073\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.1000\",\"matchCriteriaId\":\"B2BFEE7A-D4CC-45BF-B277-8C9849A7F616\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4FB7A6B-69C5-45EF-BE61-23BCF5172836\"}]}]}],\"references\":[{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-575

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans plusieurs produits Aruba. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Contrôleurs et Passerelles utilisant x86 Mobility Master versions antérieures à 8.8.0.0
HPE Aruba Networking	N/A	Aruba Instant (IAP) versions antérieures à 6.5.4.17, 8.3.0.13, 8.5.0.7, 8.6.0.0, 8.7.0.0
HPE Aruba Networking	N/A	Switches CX Aruba versions antérieures à 10.3.0001
HPE Aruba Networking	AirWave Management Platform	AirWave Management Platform versions antérieures à 8.2.10
HPE Aruba Networking	N/A	Contrôleurs et Passerelles utilisant Aruba SD-WAN versions antérieures à 8.5.0.0-2.0.0.1, 8.5.0.0-2.1.0.0, 8.6.0.0-2.2.0.0
HPE Aruba Networking	ClearPass Policy Manager	ClearPass Policy Manager versions antérieures à 6.7.13, 6.8.4, 6.9.0
HPE Aruba Networking	N/A	Contrôleurs et Passerelles utilisant ArubaOS versions antérieures à 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10
HPE Aruba Networking	N/A	Switches CX de séries 8400, 8325, 8320, 6400, 6300, 6200 utilisant ArubaOS versions antérieures à 10.05.0001

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba ARUBA-PSA-2020-009 du 15 septembre 2020	None	vendor-advisory
Bulletin de sécurité Aruba ARUBA-PSA-2020-010 du 15 septembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Contr\u00f4leurs et Passerelles utilisant x86 Mobility Master versions ant\u00e9rieures \u00e0 8.8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba Instant (IAP) versions ant\u00e9rieures \u00e0 6.5.4.17, 8.3.0.13, 8.5.0.7, 8.6.0.0, 8.7.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Switches CX Aruba versions ant\u00e9rieures \u00e0 10.3.0001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AirWave Management Platform versions ant\u00e9rieures \u00e0 8.2.10",
      "product": {
        "name": "AirWave Management Platform",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Contr\u00f4leurs et Passerelles utilisant Aruba SD-WAN versions ant\u00e9rieures \u00e0 8.5.0.0-2.0.0.1, 8.5.0.0-2.1.0.0, 8.6.0.0-2.2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "ClearPass Policy Manager versions ant\u00e9rieures \u00e0 6.7.13, 6.8.4, 6.9.0",
      "product": {
        "name": "ClearPass Policy Manager",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Contr\u00f4leurs et Passerelles utilisant ArubaOS versions ant\u00e9rieures \u00e0 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Switches CX de s\u00e9ries 8400, 8325, 8320, 6400, 6300, 6200 utilisant ArubaOS versions ant\u00e9rieures \u00e0 10.05.0001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11478"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2020-7122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7122"
    },
    {
      "name": "CVE-2020-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11477"
    },
    {
      "name": "CVE-2020-7121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7121"
    },
    {
      "name": "CVE-2020-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11479"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits\nAruba. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Aruba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2020-009 du 15 septembre 2020",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2020-010 du 15 septembre 2020",
      "url": null
    }
  ]
}

CERTFR-2020-AVI-575

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans plusieurs produits Aruba. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Contrôleurs et Passerelles utilisant x86 Mobility Master versions antérieures à 8.8.0.0
HPE Aruba Networking	N/A	Aruba Instant (IAP) versions antérieures à 6.5.4.17, 8.3.0.13, 8.5.0.7, 8.6.0.0, 8.7.0.0
HPE Aruba Networking	N/A	Switches CX Aruba versions antérieures à 10.3.0001
HPE Aruba Networking	AirWave Management Platform	AirWave Management Platform versions antérieures à 8.2.10
HPE Aruba Networking	N/A	Contrôleurs et Passerelles utilisant Aruba SD-WAN versions antérieures à 8.5.0.0-2.0.0.1, 8.5.0.0-2.1.0.0, 8.6.0.0-2.2.0.0
HPE Aruba Networking	ClearPass Policy Manager	ClearPass Policy Manager versions antérieures à 6.7.13, 6.8.4, 6.9.0
HPE Aruba Networking	N/A	Contrôleurs et Passerelles utilisant ArubaOS versions antérieures à 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10
HPE Aruba Networking	N/A	Switches CX de séries 8400, 8325, 8320, 6400, 6300, 6200 utilisant ArubaOS versions antérieures à 10.05.0001

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba ARUBA-PSA-2020-009 du 15 septembre 2020	None	vendor-advisory
Bulletin de sécurité Aruba ARUBA-PSA-2020-010 du 15 septembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Contr\u00f4leurs et Passerelles utilisant x86 Mobility Master versions ant\u00e9rieures \u00e0 8.8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba Instant (IAP) versions ant\u00e9rieures \u00e0 6.5.4.17, 8.3.0.13, 8.5.0.7, 8.6.0.0, 8.7.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Switches CX Aruba versions ant\u00e9rieures \u00e0 10.3.0001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AirWave Management Platform versions ant\u00e9rieures \u00e0 8.2.10",
      "product": {
        "name": "AirWave Management Platform",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Contr\u00f4leurs et Passerelles utilisant Aruba SD-WAN versions ant\u00e9rieures \u00e0 8.5.0.0-2.0.0.1, 8.5.0.0-2.1.0.0, 8.6.0.0-2.2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "ClearPass Policy Manager versions ant\u00e9rieures \u00e0 6.7.13, 6.8.4, 6.9.0",
      "product": {
        "name": "ClearPass Policy Manager",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Contr\u00f4leurs et Passerelles utilisant ArubaOS versions ant\u00e9rieures \u00e0 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Switches CX de s\u00e9ries 8400, 8325, 8320, 6400, 6300, 6200 utilisant ArubaOS versions ant\u00e9rieures \u00e0 10.05.0001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11478"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2020-7122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7122"
    },
    {
      "name": "CVE-2020-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11477"
    },
    {
      "name": "CVE-2020-7121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7121"
    },
    {
      "name": "CVE-2020-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11479"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits\nAruba. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Aruba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2020-009 du 15 septembre 2020",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2020-010 du 15 septembre 2020",
      "url": null
    }
  ]
}

FKIE_CVE-2020-7122

Vulnerability from fkie_nvd - Published: 2020-09-23 13:15 - Updated: 2024-11-21 05:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-alert@hpe.com	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
arubanetworks	cx_6200f_firmware	*
arubanetworks	cx_6200f	-
arubanetworks	cx_6300_firmware	*
arubanetworks	cx_6300	-
arubanetworks	cx_6400_firmware	*
arubanetworks	cx_6400	-
arubanetworks	cx_8320_firmware	*
arubanetworks	cx_8320	-
arubanetworks	cx_8325_firmware	*
arubanetworks	cx_8325	-
arubanetworks	cx_8400_firmware	*
arubanetworks	cx_8400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A132767A-E9B9-477E-BAAF-A831694F1FC4",
              "versionEndIncluding": "10.04.1000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CB053C-FA12-4065-BC40-FFE6E0B25B00",
              "versionEndIncluding": "10.04.1000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "270EC51F-3CEC-45C1-9E0F-5D38EB550106",
              "versionEndIncluding": "10.04.1000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE87AAEE-644E-4699-B639-B4CE94D503A5",
              "versionEndIncluding": "10.04.1000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5483EC-74BF-4C0D-A751-23C9ED42E29A",
              "versionEndIncluding": "10.04.1000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BFEE7A-D4CC-45BF-B277-8C9849A7F616",
              "versionEndIncluding": "10.04.1000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000."
    },
    {
      "lang": "es",
      "value": "Se han encontrado dos vulnerabilidades de corrupci\u00f3n de memoria en Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, y 8400.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades podr\u00eda resultar en una Denegaci\u00f3n de Servicio Local del Proceso CDP (Cisco Discovery Protocol) en el switch.\u0026#xa0;Esto aplica a las versiones de firmware anteriores a 10.04.1000"
    }
  ],
  "id": "CVE-2020-7122",
  "lastModified": "2024-11-21T05:36:40.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-23T13:15:16.093",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-7122

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7122

Aliases

CVE-2020-7122

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7122",
    "description": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.",
    "id": "GSD-2020-7122"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7122"
      ],
      "details": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.",
      "id": "GSD-2020-7122",
      "modified": "2023-12-13T01:21:51.877454Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "ID": "CVE-2020-7122",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Firmware 10.04.1000 and below"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Multiple Memory Corruption Vulnerabilities in the CDP Implementation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt",
            "refsource": "MISC",
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A132767A-E9B9-477E-BAAF-A831694F1FC4",
                    "versionEndIncluding": "10.04.1000",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "36CB053C-FA12-4065-BC40-FFE6E0B25B00",
                    "versionEndIncluding": "10.04.1000",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "270EC51F-3CEC-45C1-9E0F-5D38EB550106",
                    "versionEndIncluding": "10.04.1000",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CE87AAEE-644E-4699-B639-B4CE94D503A5",
                    "versionEndIncluding": "10.04.1000",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9A5483EC-74BF-4C0D-A751-23C9ED42E29A",
                    "versionEndIncluding": "10.04.1000",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B2BFEE7A-D4CC-45BF-B277-8C9849A7F616",
                    "versionEndIncluding": "10.04.1000",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000."
          },
          {
            "lang": "es",
            "value": "Se han encontrado dos vulnerabilidades de corrupci\u00f3n de memoria en Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, y 8400.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades podr\u00eda resultar en una Denegaci\u00f3n de Servicio Local del Proceso CDP (Cisco Discovery Protocol) en el switch.\u0026#xa0;Esto aplica a las versiones de firmware anteriores a 10.04.1000"
          }
        ],
        "id": "CVE-2020-7122",
        "lastModified": "2023-12-28T19:02:53.863",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2020-09-23T13:15:16.093",
        "references": [
          {
            "source": "security-alert@hpe.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
          }
        ],
        "sourceIdentifier": "security-alert@hpe.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-3RQ8-WWM3-3PV9

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2023-12-26 21:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-23T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.",
  "id": "GHSA-3rq8-wwm3-3pv9",
  "modified": "2023-12-26T21:30:32Z",
  "published": "2022-05-24T17:29:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7122"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7122 (GCVE-0-2020-7122)

CERTFR-2020-AVI-575

Solution

CERTFR-2020-AVI-575

Solution

FKIE_CVE-2020-7122

GSD-2020-7122

GHSA-3RQ8-WWM3-3PV9

Tags

Sightings

Nomenclature