FKIE_CVE-2022-37932

Vulnerability from fkie_nvd - Published: 2022-12-12 13:15 - Updated: 2024-11-21 07:15
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
References
security-alert@hpe.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_usVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_usVendor Advisory
Impacted products
Vendor Product Version
hpe officeconnect_1820_j9979a_firmware *
hpe officeconnect_1820_j9979a -
hpe officeconnect_1820_j9982a_firmware *
hpe officeconnect_1820_j9982a -
hpe officeconnect_1820_j9980a_firmware *
hpe officeconnect_1820_j9980a -
hpe officeconnect_1820_j9983a_firmware *
hpe officeconnect_1820_j9983a -
hpe officeconnect_1820_j9981a_firmware *
hpe officeconnect_1820_j9981a -
hpe officeconnect_1820_j9984a_firmware *
hpe officeconnect_1820_j9984a -
hpe officeconnect_1850_24g_2xgt_poe\+_firmware *
hpe officeconnect_1850_24g_2xgt_poe\+ -
hpe officeconnect_1850_24g_2xgt_firmware *
hpe officeconnect_1850_24g_2xgt -
hpe officeconnect_1850_48g_4xgt_poe\+_firmware *
hpe officeconnect_1850_48g_4xgt_poe\+ -
hpe officeconnect_1850_48g_4xgt_firmware *
hpe officeconnect_1850_48g_4xgt -
hpe officeconnect_1850_6xgt_firmware *
hpe officeconnect_1850_6xgt -
hpe officeconnect_1850_2xgt\/spf\+_firmware *
hpe officeconnect_1850_2xgt\/spf\+ -
hpe officeconnect_1920s_24g_2sfp_poe\+_firmware *
hpe officeconnect_1920s_24g_2sfp_poe\+ -
hpe officeconnect_1920s_24g_2sfp_ppoe\+_firmware *
hpe officeconnect_1920s_24g_2sfp_ppoe\+ -
hpe officeconnect_1920s_24g_2sfp_firmware *
hpe officeconnect_1920s_24g_2sfp -
hpe officeconnect_1920s_48g_4sfp_ppoe\+_firmware *
hpe officeconnect_1920s_48g_4sfp_ppoe\+ -
hpe officeconnect_1920s_48g_4sfp_firmware *
hpe officeconnect_1920s_48g_4sfp -
hpe officeconnect_1920s_8g_ppoe\+_firmware *
hpe officeconnect_1920s_8g_ppoe\+ -
hpe officeconnect_1920s_8g_firmware *
hpe officeconnect_1920s_8g -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1820_j9979a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAABEF2-F55F-49FE-9BDB-E6A07F3B9668",
              "versionEndExcluding": "pt.02.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1820_j9979a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F9F10C-0FD7-4224-8604-D40772A6D325",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1820_j9982a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD349A82-736E-48AB-A16F-B7F09A540AF5",
              "versionEndExcluding": "pt.02.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1820_j9982a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7647988C-38C0-4866-9D14-EB0A5380FF85",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1820_j9980a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84C2E422-9A0E-4D91-93BE-C4DD0083CA65",
              "versionEndExcluding": "pt.02.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1820_j9980a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC221BBC-AFD9-4115-A4A6-ACB64E8B1498",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1820_j9983a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A8AE93C-B333-430E-B5FE-E072EAB83599",
              "versionEndExcluding": "pt.02.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1820_j9983a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDDC1474-AC0F-4A9D-AE34-3C1037346A9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1820_j9981a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39DD62A3-CE10-4343-BDC4-73A84E892F13",
              "versionEndExcluding": "pt.02.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1820_j9981a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAE1036-E1F0-46EE-8FA3-0204299258C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1820_j9984a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6467F62-F15A-469B-BEC5-9E11A242B6FC",
              "versionEndExcluding": "pt.02.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1820_j9984a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C9CDFE-A010-4B48-A7C0-493D82B654F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66948DB9-F00D-40A4-8B32-B6E49A24FA25",
              "versionEndExcluding": "pc.01.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1384A4C-5F0A-4F34-BB26-BFD9CDE56C1A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3377E5AB-1864-4465-AD35-616E1A806384",
              "versionEndExcluding": "pc.01.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF9BC87-425B-4965-B0BB-9B11B6BE5DAE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F06E1A-4EFE-41EA-97C6-7139DD013AFB",
              "versionEndExcluding": "pc.01.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34CC05B8-2AC3-4379-8E27-B771F520EF97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDD55A8-3C69-4B53-A3C0-F0E2A9B4692A",
              "versionEndExcluding": "pc.01.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD61C53-261D-4155-800E-CE5709BFAA90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0CBEF7-0963-45F9-B4A5-DC04909D4B12",
              "versionEndExcluding": "po.01.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0AAED7-FCBB-40E6-9649-617F1CD62A34",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1850_2xgt\\/spf\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A208318-52FA-4E1F-A62E-F2667CE9F132",
              "versionEndExcluding": "po.01.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1850_2xgt\\/spf\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90F00E23-350B-4117-96E4-A342790992B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_poe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "410FE7C9-6757-4B7D-88C7-5FAB7E11F970",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp_poe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75407C01-1A83-43A4-9C75-6EBDED3DE676",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_ppoe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "422F8D41-CA36-42A1-9201-F7D438E30BB6",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp_ppoe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44086E4-506F-44D6-95A7-112BFD8AB2EC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CC988D-9798-4131-8DBA-D769EAC50F17",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FC497B-C6D9-46E9-AC07-0AFED63A7FD4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_48g_4sfp_ppoe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE3C410-DCA7-44E4-9425-B9ABBAAB68E1",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_48g_4sfp_ppoe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26FF87F-A734-4E79-B08D-7FB97564DF99",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_48g_4sfp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9C79BA-8094-4976-B9A0-BC9008A3AE57",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_48g_4sfp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C916A687-153B-42D6-95A7-2B6CC39E36C7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_8g_ppoe\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4991134-1AC5-401E-B942-486CB7B9D184",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_8g_ppoe\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA52CA14-46DC-4C72-92D8-F065500E0F64",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:officeconnect_1920s_8g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C6B0F-83E7-4242-BF64-968B8D2536DE",
              "versionEndExcluding": "pd.02.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:officeconnect_1920s_8g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0686F303-D228-4D0A-8648-67930EFA8395",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;\n\n"
    },
    {
      "lang": "es",
      "value": "Se ha identificado una posible vulnerabilidad de seguridad en los conmutadores de red Hewlett Packard Enterprise OfficeConnect 1820, 1850 y 1920S. La vulnerabilidad podr\u00eda explotarse de forma remota para permitir omitir la autenticaci\u00f3n. HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad en las versiones de los conmutadores de red Hewlett Packard Enterprise OfficeConnect 1820, 1850 y 1920S: anteriores a PT.02.14; Antes de PC.01.22; Antes de PO.01.21; Antes del PD.02.22;"
    }
  ],
  "id": "CVE-2022-37932",
  "lastModified": "2024-11-21T07:15:24.617",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-12T13:15:14.360",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04383en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04383en_us"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.