CVE-2022-37907 (GCVE-0-2022-37907)

Vulnerability from cvelistv5 – Published: 2022-11-03 19:22 – Updated: 2025-05-02 18:47
VLAI?
Summary
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.
Severity ?
5.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE
  • n/a
Assigner
hpe
References
Impacted products
Vendor Product Version
Hewlett Packard Enterprise Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central Unaffected: ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:41.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-37907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T18:47:22.121277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T18:47:27.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
          "vendor": "Hewlett Packard Enterprise",
          "versions": [
            {
              "status": "unaffected",
              "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \u003c/p\u003e"
            }
          ],
          "value": "A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-12T12:11:04.548Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37907",
    "datePublished": "2022-11-03T19:22:49.990Z",
    "dateReserved": "2022-08-08T18:45:22.551Z",
    "dateUpdated": "2025-05-02T18:47:27.199Z",
    "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0.0-2.3.0.0\", \"versionEndExcluding\": \"8.7.0.0-2.3.0.6\", \"matchCriteriaId\": \"4CF50C4E-038A-4120-BF86-05DF607C59CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5.4.0\", \"versionEndExcluding\": \"6.5.4.22\", \"matchCriteriaId\": \"49CE5580-518E-4CC8-894A-A78F476D6EC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.4.0.0\", \"versionEndExcluding\": \"8.6.0.17\", \"matchCriteriaId\": \"58A7807B-5AD1-4CE1-8974-772067778D97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0.0\", \"versionEndExcluding\": \"8.7.1.9\", \"matchCriteriaId\": \"F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.8.0.0\", \"versionEndExcluding\": \"10.3.0.1\", \"matchCriteriaId\": \"8E3B42F6-8255-411C-8E0D-9992F3C5F633\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE128072-9444-40D5-AC86-BB317869EB97\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F747F71E-66BC-4776-BCCC-3123F8EEEBC6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59612211-5054-44DC-B028-61A2C5C6133D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15FE873C-3C45-4EA3-9AD1-D07F132BC31F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8E68DB6-149B-4469-BD27-69F1AC59166F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E9AA178-1327-402E-8740-8409ECA448BC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9969F899-4D7A-4DD5-B81D-DB16B20CF86A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF33BAD0-0596-4910-B096-99E2033F73D8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDDFDA5E-3895-463A-86EA-1823EC1B5045\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \\n\\n\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad en bootloader de ArubaOS en los controladores de la serie 7xxx que puede provocar una condici\\u00f3n de Denegaci\\u00f3n de Servicio (DoS) en un sistema afectado. Un atacante exitoso puede causar un bloqueo del sistema que solo puede resolverse mediante un ciclo de encendido del controlador afectado.\"}]",
      "id": "CVE-2022-37907",
      "lastModified": "2024-11-21T07:15:21.517",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-alert@hpe.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-12-12T13:15:13.120",
      "references": "[{\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-alert@hpe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-37907\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2022-12-12T13:15:13.120\",\"lastModified\":\"2025-05-02T19:15:52.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \\n\\n\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad en bootloader de ArubaOS en los controladores de la serie 7xxx que puede provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un sistema afectado. Un atacante exitoso puede causar un bloqueo del sistema que solo puede resolverse mediante un ciclo de encendido del controlador afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0.0-2.3.0.0\",\"versionEndExcluding\":\"8.7.0.0-2.3.0.6\",\"matchCriteriaId\":\"4CF50C4E-038A-4120-BF86-05DF607C59CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.4.0\",\"versionEndExcluding\":\"6.5.4.22\",\"matchCriteriaId\":\"49CE5580-518E-4CC8-894A-A78F476D6EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.4.0.0\",\"versionEndExcluding\":\"8.6.0.17\",\"matchCriteriaId\":\"58A7807B-5AD1-4CE1-8974-772067778D97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0.0\",\"versionEndExcluding\":\"8.7.1.9\",\"matchCriteriaId\":\"F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0.0\",\"versionEndExcluding\":\"10.3.0.1\",\"matchCriteriaId\":\"8E3B42F6-8255-411C-8E0D-9992F3C5F633\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE128072-9444-40D5-AC86-BB317869EB97\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F747F71E-66BC-4776-BCCC-3123F8EEEBC6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59612211-5054-44DC-B028-61A2C5C6133D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15FE873C-3C45-4EA3-9AD1-D07F132BC31F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8E68DB6-149B-4469-BD27-69F1AC59166F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9AA178-1327-402E-8740-8409ECA448BC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9969F899-4D7A-4DD5-B81D-DB16B20CF86A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF33BAD0-0596-4910-B096-99E2033F73D8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDDFDA5E-3895-463A-86EA-1823EC1B5045\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F\"}]}]}],\"references\":[{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:37:41.865Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-37907\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-02T18:47:22.121277Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-02T18:47:19.822Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise\", \"product\": \"Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.13\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2022-12-12T12:11:04.548Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-37907\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T18:47:27.199Z\", \"dateReserved\": \"2022-08-08T18:45:22.551Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2022-11-03T19:22:49.990Z\", \"requesterUserId\": \"6707ad87-4508-4473-b324-feac48da5e14\", \"assignerShortName\": \"hpe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.