cvelistv5 - cve-2022-37934

CVE-2022-37934 (GCVE-0-2022-37934)

Vulnerability from cvelistv5 – Published: 2023-01-03 18:33 – Updated: 2025-04-10 15:42

Summary

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpsc/doc/public/display?d…

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	HPE OfficeConnect 1820 and 1850 Switch Series	Affected: Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-37934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T15:42:41.310394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T15:42:45.470Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HPE OfficeConnect 1820 and 1850 Switch Series",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\u003c/p\u003e"
            }
          ],
          "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-05T05:58:57.684Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37934",
    "datePublished": "2023-01-03T18:33:15.954Z",
    "dateReserved": "2022-08-08T18:49:44.387Z",
    "dateUpdated": "2025-04-10T15:42:45.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:officeconnect_1820_24g_poe\\\\+_\\\\(185w\\\\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pt.02.17\", \"matchCriteriaId\": \"9DB33F73-2104-4D29-B92F-E2E4C3EE2E54\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:officeconnect_1820_24g_poe\\\\+_\\\\(185w\\\\)_switch_j9983a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5264853E-2649-4C44-B078-796A02BC53B7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:officeconnect_1820_48g_poe\\\\+_\\\\(370w\\\\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pt.02.17\", \"matchCriteriaId\": \"83B4E0B4-C6EE-470F-A2D5-9621FD2829D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:officeconnect_1820_48g_poe\\\\+_\\\\(370w\\\\)_switch_j9984a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19B37EFA-2611-443A-B1EB-2687D6BD5C2A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:officeconnect_1820_8g_poe\\\\+_\\\\(65w\\\\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pt.02.17\", \"matchCriteriaId\": \"CE77545A-B7D1-4489-87F5-1404BAA66AEB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:officeconnect_1820_8g_poe\\\\+_\\\\(65w\\\\)_switch_j9982a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78A4E198-C861-4961-8AF4-23BEAB22DBF2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pt.02.17\", \"matchCriteriaId\": \"917D4AE7-9EBD-431C-A637-C5F9CB87F2E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6829C8C-511C-4BD7-BC9A-215D34B025E1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pc.01.23\", \"matchCriteriaId\": \"E5B71880-1BE7-4978-8B0B-78E2B30630A0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DF9BC87-425B-4965-B0BB-9B11B6BE5DAE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\\\\+_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pc.01.23\", \"matchCriteriaId\": \"EEB0330A-A8F8-4B10-AA32-072D66E815E5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\\\\+:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1384A4C-5F0A-4F34-BB26-BFD9CDE56C1A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:officeconnect_1850_2xgt\\\\/spf\\\\+_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"po.01.22\", \"matchCriteriaId\": \"9110CF1C-484C-4974-90F4-A1D91FCDD0B5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:officeconnect_1850_2xgt\\\\/spf\\\\+:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90F00E23-350B-4117-96E4-A342790992B8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pc.01.23\", \"matchCriteriaId\": \"B2C5EAAF-BC29-487E-B1BA-15E2E1BC75BE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DD61C53-261D-4155-800E-CE5709BFAA90\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\\\\+_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pc.01.23\", \"matchCriteriaId\": \"64565539-4629-42A0-BC97-E88D5C692034\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\\\\+:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34CC05B8-2AC3-4379-8E27-B771F520EF97\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"pc.01.23\", \"matchCriteriaId\": \"8B255A45-60D8-4E18-9005-9A666704B227\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A0AAED7-FCBB-40E6-9649-617F1CD62A34\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una posible vulnerabilidad de seguridad en las series de conmutadores HPE OfficeConnect 1820 y 1850. La vulnerabilidad podr\\u00eda explotarse de forma remota para permitir el directory traversal de manera remota en la versi\\u00f3n PT.02.17 y anteriores de la serie de conmutadores HPE OfficeConnect 1820, la versi\\u00f3n PC.01.23 y posteriores de la serie de conmutadores HPE OfficeConnect 1850 y la versi\\u00f3n PO.01.22 y PO.01.22 de la serie de conmutadores HPE OfficeConnect 1850 (agregador 10G). abajo.\"}]",
      "id": "CVE-2022-37934",
      "lastModified": "2024-11-21T07:15:24.887",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-alert@hpe.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-01-05T07:15:10.257",
      "references": "[{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-alert@hpe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-37934\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2023-01-05T07:15:10.257\",\"lastModified\":\"2025-04-10T16:15:20.107\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una posible vulnerabilidad de seguridad en las series de conmutadores HPE OfficeConnect 1820 y 1850. La vulnerabilidad podr\u00eda explotarse de forma remota para permitir el directory traversal de manera remota en la versi\u00f3n PT.02.17 y anteriores de la serie de conmutadores HPE OfficeConnect 1820, la versi\u00f3n PC.01.23 y posteriores de la serie de conmutadores HPE OfficeConnect 1850 y la versi\u00f3n PO.01.22 y PO.01.22 de la serie de conmutadores HPE OfficeConnect 1850 (agregador 10G). abajo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:officeconnect_1820_24g_poe\\\\+_\\\\(185w\\\\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pt.02.17\",\"matchCriteriaId\":\"9DB33F73-2104-4D29-B92F-E2E4C3EE2E54\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:officeconnect_1820_24g_poe\\\\+_\\\\(185w\\\\)_switch_j9983a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5264853E-2649-4C44-B078-796A02BC53B7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:officeconnect_1820_48g_poe\\\\+_\\\\(370w\\\\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pt.02.17\",\"matchCriteriaId\":\"83B4E0B4-C6EE-470F-A2D5-9621FD2829D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:officeconnect_1820_48g_poe\\\\+_\\\\(370w\\\\)_switch_j9984a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B37EFA-2611-443A-B1EB-2687D6BD5C2A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:officeconnect_1820_8g_poe\\\\+_\\\\(65w\\\\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pt.02.17\",\"matchCriteriaId\":\"CE77545A-B7D1-4489-87F5-1404BAA66AEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:officeconnect_1820_8g_poe\\\\+_\\\\(65w\\\\)_switch_j9982a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78A4E198-C861-4961-8AF4-23BEAB22DBF2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pt.02.17\",\"matchCriteriaId\":\"917D4AE7-9EBD-431C-A637-C5F9CB87F2E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6829C8C-511C-4BD7-BC9A-215D34B025E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pc.01.23\",\"matchCriteriaId\":\"E5B71880-1BE7-4978-8B0B-78E2B30630A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DF9BC87-425B-4965-B0BB-9B11B6BE5DAE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\\\\+_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pc.01.23\",\"matchCriteriaId\":\"EEB0330A-A8F8-4B10-AA32-072D66E815E5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1384A4C-5F0A-4F34-BB26-BFD9CDE56C1A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:officeconnect_1850_2xgt\\\\/spf\\\\+_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"po.01.22\",\"matchCriteriaId\":\"9110CF1C-484C-4974-90F4-A1D91FCDD0B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:officeconnect_1850_2xgt\\\\/spf\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F00E23-350B-4117-96E4-A342790992B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pc.01.23\",\"matchCriteriaId\":\"B2C5EAAF-BC29-487E-B1BA-15E2E1BC75BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DD61C53-261D-4155-800E-CE5709BFAA90\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\\\\+_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pc.01.23\",\"matchCriteriaId\":\"64565539-4629-42A0-BC97-E88D5C692034\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34CC05B8-2AC3-4379-8E27-B771F520EF97\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"pc.01.23\",\"matchCriteriaId\":\"8B255A45-60D8-4E18-9005-9A666704B227\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0AAED7-FCBB-40E6-9649-617F1CD62A34\"}]}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"HPE OfficeConnect 1820 and 1850 Switch Series\", \"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"versions\": [{\"status\": \"affected\", \"version\": \"Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eA potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\u003c/p\u003e\"}], \"value\": \"A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\\n\\n\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2023-01-05T05:58:57.684Z\"}, \"references\": [{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"x_generator\": {\"engine\": \"cveClient/1.0.13\"}, \"problemTypes\": [{\"descriptions\": [{\"description\": \"n/a\", \"lang\": \"en\", \"type\": \"text\"}]}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:37:42.572Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-37934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-10T15:42:41.310394Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-10T15:42:35.565Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-37934\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"hpe\", \"dateReserved\": \"2022-08-08T18:49:44.387Z\", \"datePublished\": \"2023-01-03T18:33:15.954Z\", \"dateUpdated\": \"2025-04-10T15:42:45.470Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-37934

Vulnerability from fkie_nvd - Published: 2023-01-05 07:15 - Updated: 2025-04-10 16:15

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security-alert@hpe.com	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us	Vendor Advisory

Impacted products

Vendor	Product	Version
hp	officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware	*
hp	officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a	-
hp	officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware	*
hp	officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a	-
hp	officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware	*
hp	officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a	-
hp	officeconnect_1820_8g_switch_j9979a_firmware	*
hp	officeconnect_1820_8g_switch_j9979a	-
hpe	officeconnect_1850_24g_2xgt_firmware	*
hpe	officeconnect_1850_24g_2xgt	-
hpe	officeconnect_1850_24g_2xgt_poe\+_firmware	*
hpe	officeconnect_1850_24g_2xgt_poe\+	-
hpe	officeconnect_1850_2xgt\/spf\+_firmware	*
hpe	officeconnect_1850_2xgt\/spf\+	-
hpe	officeconnect_1850_48g_4xgt_firmware	*
hpe	officeconnect_1850_48g_4xgt	-
hpe	officeconnect_1850_48g_4xgt_poe\+_firmware	*
hpe	officeconnect_1850_48g_4xgt_poe\+	-
hpe	officeconnect_1850_6xgt_firmware	*
hpe	officeconnect_1850_6xgt	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:officeconnect_1820_24g_poe\\+_\\(185w\\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DB33F73-2104-4D29-B92F-E2E4C3EE2E54",
              "versionEndExcluding": "pt.02.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:officeconnect_1820_24g_poe\\+_\\(185w\\)_switch_j9983a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5264853E-2649-4C44-B078-796A02BC53B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:officeconnect_1820_48g_poe\\+_\\(370w\\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B4E0B4-C6EE-470F-A2D5-9621FD2829D0",
              "versionEndExcluding": "pt.02.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:officeconnect_1820_48g_poe\\+_\\(370w\\)_switch_j9984a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B37EFA-2611-443A-B1EB-2687D6BD5C2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:officeconnect_1820_8g_poe\\+_\\(65w\\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE77545A-B7D1-4489-87F5-1404BAA66AEB",
              "versionEndExcluding": "pt.02.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:officeconnect_1820_8g_poe\\+_\\(65w\\)_switch_j9982a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78A4E198-C861-4961-8AF4-23BEAB22DBF2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "917D4AE7-9EBD-431C-A637-C5F9CB87F2E4",
              "versionEndExcluding": "pt.02.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6829C8C-511C-4BD7-BC9A-215D34B025E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B71880-1BE7-4978-8B0B-78E2B30630A0",
              "versionEndExcluding": "pc.01.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF9BC87-425B-4965-B0BB-9B11B6BE5DAE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB0330A-A8F8-4B10-AA32-072D66E815E5",
              "versionEndExcluding": "pc.01.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1384A4C-5F0A-4F34-BB26-BFD9CDE56C1A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_2xgt\\/spf\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9110CF1C-484C-4974-90F4-A1D91FCDD0B5",
              "versionEndExcluding": "po.01.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_2xgt\\/spf\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90F00E23-350B-4117-96E4-A342790992B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C5EAAF-BC29-487E-B1BA-15E2E1BC75BE",
              "versionEndExcluding": "pc.01.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD61C53-261D-4155-800E-CE5709BFAA90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64565539-4629-42A0-BC97-E88D5C692034",
              "versionEndExcluding": "pc.01.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34CC05B8-2AC3-4379-8E27-B771F520EF97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B255A45-60D8-4E18-9005-9A666704B227",
              "versionEndExcluding": "pc.01.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0AAED7-FCBB-40E6-9649-617F1CD62A34",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.\n\n"
    },
    {
      "lang": "es",
      "value": "Se ha identificado una posible vulnerabilidad de seguridad en las series de conmutadores HPE OfficeConnect 1820 y 1850. La vulnerabilidad podr\u00eda explotarse de forma remota para permitir el directory traversal de manera remota en la versi\u00f3n PT.02.17 y anteriores de la serie de conmutadores HPE OfficeConnect 1820, la versi\u00f3n PC.01.23 y posteriores de la serie de conmutadores HPE OfficeConnect 1850 y la versi\u00f3n PO.01.22 y PO.01.22 de la serie de conmutadores HPE OfficeConnect 1850 (agregador 10G). abajo."
    }
  ],
  "id": "CVE-2022-37934",
  "lastModified": "2025-04-10T16:15:20.107",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-05T07:15:10.257",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

VAR-202301-0410

Vulnerability from variot - Updated: 2023-12-18 13:00

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0410",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "officeconnect 1850 24g 2xgt poe\\+",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "pc.01.23"
      },
      {
        "model": "officeconnect 1850 48g 4xgt poe\\+",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "pc.01.23"
      },
      {
        "model": "officeconnect 1850 24g 2xgt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "pc.01.23"
      },
      {
        "model": "officeconnect 1820 8g switch j9979a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "pt.02.17"
      },
      {
        "model": "officeconnect 1820 48g poe\\+ \\ switch j9984a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "pt.02.17"
      },
      {
        "model": "officeconnect 1820 8g poe\\+ \\ switch j9982a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "pt.02.17"
      },
      {
        "model": "officeconnect 1850 48g 4xgt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "pc.01.23"
      },
      {
        "model": "officeconnect 1850 2xgt\\/spf\\+",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "po.01.22"
      },
      {
        "model": "officeconnect 1820 24g poe\\+ \\ switch j9983a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "pt.02.17"
      },
      {
        "model": "officeconnect 1850 6xgt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hpe",
        "version": "pc.01.23"
      },
      {
        "model": "hpe officeconnect 1820 8g poe+ \u30b9\u30a4\u30c3\u30c1j9982a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1850 48g 4xgt poe+",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1820 48g poe+ \u30b9\u30a4\u30c3\u30c1j9984a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1850 6xgt",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1850 48g 4xgt",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1820 8g\u30b9\u30a4\u30c3\u30c1j9979a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1850 24g 2xgt poe+",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1820 24g poe+ \u30b9\u30a4\u30c3\u30c1j9983a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1850 2xgt/spf+",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe officeconnect 1850 24g 2xgt",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_24g_poe\\+_\\(185w\\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_24g_poe\\+_\\(185w\\)_switch_j9983a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_48g_poe\\+_\\(370w\\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_48g_poe\\+_\\(370w\\)_switch_j9984a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_8g_poe\\+_\\(65w\\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_8g_poe\\+_\\(65w\\)_switch_j9982a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_2xgt\\/spf\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "po.01.22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_2xgt\\/spf\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      }
    ]
  },
  "cve": "CVE-2022-37934",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-alert@hpe.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-37934",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-37934",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security-alert@hpe.com",
            "id": "CVE-2022-37934",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202301-335",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-37934"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-37934",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-37934",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-37934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "id": "VAR-202301-0410",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6
  },
  "last_update_date": "2023-12-18T13:00:22.555000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hpesbnw04401en_us",
        "trust": 0.8,
        "url": "https://support.hpe.com/hpesc/public/docdisplay?doclocale=en_us\u0026docid=emr_na-hpesbnw04401en_us"
      },
      {
        "title": "Hewlett Packard Enterprise OfficeConnect Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=221296"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbnw04401en_us"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37934"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-37934/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-37934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-37934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-37934"
      },
      {
        "date": "2023-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "date": "2023-01-05T07:15:10.257000",
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "date": "2023-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-37934"
      },
      {
        "date": "2023-05-11T05:17:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      },
      {
        "date": "2023-11-07T03:49:56.893000",
        "db": "NVD",
        "id": "CVE-2022-37934"
      },
      {
        "date": "2023-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HPE\u00a0OfficeConnect\u00a01820\u00a0 and \u00a01850\u00a0 Path Traversal Vulnerability in Switch Series",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-004911"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-335"
      }
    ],
    "trust": 0.6
  }
}

GSD-2022-37934

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-37934

Aliases

CVE-2022-37934

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-37934",
    "description": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.",
    "id": "GSD-2022-37934"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-37934"
      ],
      "details": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.",
      "id": "GSD-2022-37934",
      "modified": "2023-12-13T01:19:13.708792Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "ID": "CVE-2022-37934",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HPE OfficeConnect 1820 and 1850 Switch Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Hewlett Packard Enterprise (HPE)"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below."
          }
        ]
      },
      "generator": {
        "engine": "cveClient/1.0.13"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us",
            "refsource": "MISC",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_24g_poe\\+_\\(185w\\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_24g_poe\\+_\\(185w\\)_switch_j9983a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_48g_poe\\+_\\(370w\\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_48g_poe\\+_\\(370w\\)_switch_j9984a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_8g_poe\\+_\\(65w\\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_8g_poe\\+_\\(65w\\)_switch_j9982a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pt.02.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_2xgt\\/spf\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "po.01.22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_2xgt\\/spf\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "pc.01.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2022-37934"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-12T13:47Z",
      "publishedDate": "2023-01-05T07:15Z"
    }
  }
}

GHSA-R7J6-MCQQ-8GFF

Vulnerability from github – Published: 2023-01-05 09:30 – Updated: 2023-01-12 15:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-37934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-05T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.",
  "id": "GHSA-r7j6-mcqq-8gff",
  "modified": "2023-01-12T15:30:26Z",
  "published": "2023-01-05T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37934"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04401en_us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-37934 (GCVE-0-2022-37934)

FKIE_CVE-2022-37934

VAR-202301-0410

GSD-2022-37934

GHSA-R7J6-MCQQ-8GFF

Tags

Sightings

Nomenclature