Vulnerabilites related to arubanetworks - instant
CVE-2021-25158 (GCVE-0-2021-25158)
Vulnerability from cvelistv5
Published
2021-03-30 01:32
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file read
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:22",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25158",
"datePublished": "2021-03-30T01:32:28",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25150 (GCVE-0-2021-25150)
Vulnerability from cvelistv5
Published
2021-03-30 00:11
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote execution of arbitrary commands
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.4 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:43",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25150",
"datePublished": "2021-03-30T00:11:24",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25159 (GCVE-0-2021-25159)
Vulnerability from cvelistv5
Published
2021-03-30 01:35
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file modification
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:30",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25159",
"datePublished": "2021-03-30T01:35:38",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25144 (GCVE-0-2021-25144)
Vulnerability from cvelistv5
Published
2021-03-29 19:06
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote buffer overflow
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.16 and below Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:48",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25144",
"datePublished": "2021-03-29T19:06:41",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25157 (GCVE-0-2021-25157)
Vulnerability from cvelistv5
Published
2021-03-30 01:33
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file read
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.6 and below Version: Aruba Instant 8.7.x: 8.7.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:35",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25157",
"datePublished": "2021-03-30T01:33:38",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24635 (GCVE-0-2020-24635)
Vulnerability from cvelistv5
Published
2021-03-29 19:05
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote execution of arbitrary commands
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:40",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24635",
"datePublished": "2021-03-29T19:05:06",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25145 (GCVE-0-2021-25145)
Vulnerability from cvelistv5
Published
2021-03-29 23:54
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote unauthorized disclosure of information
Summary
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthorized disclosure of information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:46",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized disclosure of information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25145",
"datePublished": "2021-03-29T23:54:02",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25143 (GCVE-0-2021-25143)
Vulnerability from cvelistv5
Published
2021-03-29 19:03
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote denial of service (dos)
Summary
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.9 and below Version: Aruba Instant 8.6.x: 8.6.0.4 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.9 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote denial of service (dos)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:37",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.9 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service (dos)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25143",
"datePublished": "2021-03-29T19:03:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25148 (GCVE-0-2021-25148)
Vulnerability from cvelistv5
Published
2021-03-29 23:56
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file modification
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.4 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:40",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25148",
"datePublished": "2021-03-29T23:56:15",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25149 (GCVE-0-2021-25149)
Vulnerability from cvelistv5
Published
2021-03-29 23:58
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote buffer overflow
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.16 and below Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:37",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25149",
"datePublished": "2021-03-29T23:58:04",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25160 (GCVE-0-2021-25160)
Vulnerability from cvelistv5
Published
2021-03-30 01:42
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file modification
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:26",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25160",
"datePublished": "2021-03-30T01:42:05",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37892 (GCVE-0-2022-37892)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Stored Cross-Site Scripting
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37892",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37885 (GCVE-0-2022-37885)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37885",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37890 (GCVE-0-2022-37890)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Buffer Overflow
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37890",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37886 (GCVE-0-2022-37886)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37886",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37896 (GCVE-0-2022-37896)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Reflected Cross-Site Scripting
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37896",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5317 (GCVE-0-2019-5317)
Vulnerability from cvelistv5
Published
2021-03-29 15:48
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- local authentication bypass
Summary
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below Version: Aruba Instant 6.5.x: 6.5.4.15 and below Version: Aruba Instant 8.3.x: 8.3.0.11 and below Version: Aruba Instant 8.4.x: 8.4.0.5 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.15 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.4.x: 8.4.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:43",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.15 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.11 and below"
},
{
"version_value": "Aruba Instant 8.4.x: 8.4.0.5 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5317",
"datePublished": "2021-03-29T15:48:03",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37888 (GCVE-0-2022-37888)
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37888",
"datePublished": "2022-10-06T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16417 (GCVE-0-2018-16417)
Vulnerability from cvelistv5
Published
2019-10-30 16:26
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.anquanke.com/vul/id/1652568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T16:28:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.anquanke.com/vul/id/1652568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
},
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"name": "https://www.anquanke.com/vul/id/1652568",
"refsource": "MISC",
"url": "https://www.anquanke.com/vul/id/1652568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16417",
"datePublished": "2019-10-30T16:26:32",
"dateReserved": "2018-09-03T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25155 (GCVE-0-2021-25155)
Vulnerability from cvelistv5
Published
2021-03-30 00:13
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file modification
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.6 and below Version: Aruba Instant 8.7.x: 8.7.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:28",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25155",
"datePublished": "2021-03-30T00:13:23",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25146 (GCVE-0-2021-25146)
Vulnerability from cvelistv5
Published
2021-03-30 00:09
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote execution of arbitrary commands
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:45",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25146",
"datePublished": "2021-03-30T00:09:16",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13099 (GCVE-0-2017-13099)
Vulnerability from cvelistv5
Published
2017-12-13 01:00
Modified
2024-09-16 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://robotattack.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"name": "VU#144389",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"all"
],
"product": "wolfSSL",
"vendor": "wolfSSL",
"versions": [
{
"status": "affected",
"version": "\u003c3.12.2"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\""
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "102174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://robotattack.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"name": "VU#144389",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
}
],
"title": "wolfSSL Bleichenbacher/ROBOT",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2017-12-12",
"ID": "CVE-2017-13099",
"STATE": "PUBLIC",
"TITLE": "wolfSSL Bleichenbacher/ROBOT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wolfSSL",
"version": {
"version_data": [
{
"platform": "all",
"version_value": "\u003c3.12.2"
}
]
}
}
]
},
"vendor_name": "wolfSSL"
}
]
}
},
"credit": [
""
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\""
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102174"
},
{
"name": "https://robotattack.org/",
"refsource": "MISC",
"url": "https://robotattack.org/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"name": "https://github.com/wolfSSL/wolfssl/pull/1229",
"refsource": "CONFIRM",
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13099",
"datePublished": "2017-12-13T01:00:00Z",
"dateReserved": "2017-08-22T00:00:00",
"dateUpdated": "2024-09-16T17:08:12.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37889 (GCVE-0-2022-37889)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37889",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37887 (GCVE-0-2022-37887)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37887",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37895 (GCVE-0-2022-37895)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authenticated Denial of Service (DoS)
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37895",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37894 (GCVE-0-2022-37894)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Denial of Service (DoS)
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37894",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25162 (GCVE-0-2021-25162)
Vulnerability from cvelistv5
Published
2021-03-30 01:43
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote execution of arbitrary commands
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:24",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25162",
"datePublished": "2021-03-30T01:43:16",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25156 (GCVE-0-2021-25156)
Vulnerability from cvelistv5
Published
2021-03-30 01:30
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary directory create
Summary
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.6 and below Version: Aruba Instant 8.7.x: 8.7.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary directory create",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:33",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.6 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary directory create"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25156",
"datePublished": "2021-03-30T01:30:54",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37893 (GCVE-0-2022-37893)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authenticated Remote Command Execution
Summary
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37893",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37891 (GCVE-0-2022-37891)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Buffer Overflow
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37891",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24636 (GCVE-0-2020-24636)
Vulnerability from cvelistv5
Published
2021-03-29 19:08
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote execution of arbitrary commands
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.5.x: 6.5.4.17 and below Version: Aruba Instant 8.3.x: 8.3.0.13 and below Version: Aruba Instant 8.5.x: 8.5.0.10 and below Version: Aruba Instant 8.6.x: 8.6.0.5 and below Version: Aruba Instant 8.7.x: 8.7.0.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote execution of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:45",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote execution of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24636",
"datePublished": "2021-03-29T19:08:15",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5319 (GCVE-0-2019-5319)
Vulnerability from cvelistv5
Published
2021-03-30 01:45
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote buffer overflow
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.16 and below Version: Aruba Instant 8.3.x: 8.3.0.12 and below Version: Aruba Instant 8.5.x: 8.5.0.6 and below Version: Aruba Instant 8.6.x: 8.6.0.2 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:42",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5319",
"datePublished": "2021-03-30T01:45:47",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25161 (GCVE-0-2021-25161)
Vulnerability from cvelistv5
Published
2021-03-30 01:44
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote cross-site scripting (xss)
Summary
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Instant Access Points |
Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Version: Aruba Instant 6.5.x: 6.5.4.18 and below Version: Aruba Instant 8.3.x: 8.3.0.14 and below Version: Aruba Instant 8.5.x: 8.5.0.11 and below Version: Aruba Instant 8.6.x: 8.6.0.7 and below Version: Aruba Instant 8.7.x: 8.7.1.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant Access Points",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"status": "affected",
"version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"status": "affected",
"version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T16:06:38",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-25161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant Access Points",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
},
{
"version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
},
{
"version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
},
{
"version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
},
{
"version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
},
{
"version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"name": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-25161",
"datePublished": "2021-03-30T01:44:43",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C7DF37-240A-4A9F-B21D-E60C51DC5765",
"versionEndExcluding": "8.5.0.10",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69D1D-F180-4E4D-A76B-7459684D410B",
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DOS) remota en algunos productos Aruba Instant Access Point (IAP) en las versiones: Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.9 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-25143",
"lastModified": "2024-11-21T05:54:26.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:13.157",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37885",
"lastModified": "2024-11-21T07:15:18.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.067",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25159",
"lastModified": "2024-11-21T05:54:28.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.767",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el manejo de determinadas cadenas SSID por parte de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad resulta en la capacidad de interrumpir la operaci\u00f3n normal del AP afectado de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37894",
"lastModified": "2024-11-21T07:15:19.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:12.887",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25162",
"lastModified": "2024-11-21T05:54:28.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.987",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37886",
"lastModified": "2024-11-21T07:15:18.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594125E5-3B50-4D78-A36E-377D637E3F7B",
"versionEndIncluding": "6.4.4.8-4.2.4.17",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4",
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2019-5319",
"lastModified": "2024-11-21T04:44:44.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.093",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 01:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69D1D-F180-4E4D-A76B-7459684D410B",
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25150",
"lastModified": "2024-11-21T05:54:27.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T01:15:12.800",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80421624-CABE-45F8-9B05-2F7B2DCC36E0",
"versionEndExcluding": "6.5.4.16",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7204DFE4-A95D-4D06-8435-C01A3DB4E9BA",
"versionEndExcluding": "8.3.0.12",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "510D1437-FE00-4B6C-8561-07EDC058EE92",
"versionEndExcluding": "8.4.0.6",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n local en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.15 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.4.x: 8.4.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba, ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2019-5317",
"lastModified": "2024-11-21T04:44:44.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T16:15:12.600",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C26250B-FA0B-4DEA-A3CD-701465A89A2E",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "037510F1-36AA-48A6-86F1-D015D0D7F746",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de creaci\u00f3n de directorio arbitrario remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25156",
"lastModified": "2024-11-21T05:54:28.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.470",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10 ,podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de una v\u00edctima en el contexto de la interfaz afectada de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37892",
"lastModified": "2024-11-21T07:15:19.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.497",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 00:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4",
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25149",
"lastModified": "2024-11-21T05:54:26.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T00:15:12.707",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:15
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2020-24636",
"lastModified": "2024-11-21T05:15:18.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:12.813",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Vendor Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de lectura remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25158",
"lastModified": "2024-11-21T05:54:28.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.673",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C26250B-FA0B-4DEA-A3CD-701465A89A2E",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7D09D1-F5E2-4CD8-A50F-97CD6A800106",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de lectura remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25157",
"lastModified": "2024-11-21T05:54:28.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.580",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticado en el manejo de determinadas cadenas SSID por Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del AP afectado de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37895",
"lastModified": "2024-11-21T07:15:19.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:13.040",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:15
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2020-24635",
"lastModified": "2024-11-21T05:15:18.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:12.750",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 01:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25146",
"lastModified": "2024-11-21T05:54:26.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T01:15:12.737",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 00:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "240DF132-2037-44E6-B064-D0C482B8F2E9",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CAD6E6-4324-444F-9D12-B35D3D08AEDC",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69D1D-F180-4E4D-A76B-7459684D410B",
"versionEndExcluding": "8.6.0.5",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25148",
"lastModified": "2024-11-21T05:54:26.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T00:15:12.643",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 01:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C26250B-FA0B-4DEA-A3CD-701465A89A2E",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7D09D1-F5E2-4CD8-A50F-97CD6A800106",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25155",
"lastModified": "2024-11-21T05:54:27.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T01:15:12.863",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37887",
"lastModified": "2024-11-21T07:15:18.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.237",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-06 18:16
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:ap-103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45B3C8-D048-4EA8-83DF-F99BDB88894C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF896539-EC3B-4DA0-B955-08E9C7E897EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC40C9-6EF5-4CE9-A74D-A042598899DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEC8F63-AFAF-4C28-81B4-DBEDC3B01339",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF600978-50DE-4534-8063-F064BC68AC1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D34B3C-71E2-44D2-AFC0-253A7B62C386",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "559619E9-DE70-4259-8F79-23CC5ACF6C5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16277CC2-2A9A-44D3-8BC2-C77BE2435D1F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50B5B834-3443-4EA0-98F1-809917EF6904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "198EA730-8E4F-4AF0-ACA2-39B6BC266422",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E897029-8910-4D9B-841E-21B94ACC66DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A62E7C-5B33-461F-B92F-9E4E765A84A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE6FCBF-87BD-484B-BA0B-464DD7666F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88193D54-C8F9-48BC-8541-E0FDECE57828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-303:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F7C91F-FA10-426A-BD14-098F0D06B636",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC166340-BF92-447F-9468-AFB658B7FC3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB70364-2497-487D-AA82-7139B7BA81D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5831B-74AC-4189-87F8-18BC170AC10F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAA199F-9D74-4122-855B-1044C27B84A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-318:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1070A64-2765-4F43-97DE-FD24B08CB802",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F50F4A-80C7-4A32-90F1-C5838ADFE8F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F1C511-B9F7-4499-B33C-8B3D7551537B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-334:-:*:*:*:*:*:*:*",
"matchCriteriaId": "788F8BF1-1AA0-4BB9-BE5E-60575A5ED054",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9725F571-C957-44C7-9ECB-58D888315AA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC18D01-F71E-4200-A585-AB8EDA66F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E235F24-7AAB-49A0-81DA-E3B03290CD45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB66E34-16CC-4CF4-A544-EC7C1BF47386",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-514:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D51F66-864C-4EEE-BC9D-5DC6E3D54D4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5C706F-F87B-4DF7-A85C-54A5229183C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-534:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E4D103-8A2F-4CC9-B51C-0D4AB5F97261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-535:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F96A1322-03A5-461C-A5A1-2102852A719D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F8A98B-6D70-4C8A-9379-FC66B10BAFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0219C4A-855C-4CCC-9C56-499697A91B94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18C831D-4D5C-4A50-8101-2CFB3D1B5210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56700415-4944-4364-B010-213B06526062",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71A1AEEA-F680-4A04-93AD-B232E0E95C5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BD77D5-A2E1-4AFF-AF1B-0D010DC85287",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E43247-386E-42EE-A5E0-F4857B59AE85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3E815C-64FF-4D1D-A029-C0257CE71740",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BF805A-B08D-4728-A0A2-9FC00F5AADAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E75FEF6-1D57-4689-BFB5-32E390A01798",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "994278AA-D708-4A75-AE67-F67A16D1A586",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1C5D34-AD4A-4994-9E53-0F062304F2EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D1E253-FAA4-42CC-8105-4D0502C85E01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E4ED7F-62B7-4BB1-BE92-0CC0C7DBCD96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "851E2D25-705C-4F51-A990-246C2E4D8F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-318:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E128A41C-307F-4A1D-B263-E4150059B76F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4842D72-E733-4166-9604-4AEA6CC2E892",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32EEA27C-3219-4D02-B2D3-973D0DAF0914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-334:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B5F287-EEB8-4C33-99D2-520E217D800C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:rap-108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7069C938-C883-4533-B043-53721566398A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:rap-109:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9AA606-14EE-48DC-BE12-1A0807DFB1E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remoto no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de gesti\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InnstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37888",
"lastModified": "2024-11-21T07:15:18.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-06T18:16:05.287",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad resulta en la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4. 23 y siguientes; Aruba InstantOS 8.6.x: 8.6.0.18 y siguientes; Aruba InstantOS 8.7.x: 8.7.1.9 y siguientes; Aruba InstantOS 8.10.x: 8.10.0.1 y siguientes; ArubaOS 10.3.x: 10.3.1.0 y siguientes; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37893",
"lastModified": "2024-11-21T07:15:19.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:12.597",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-30 17:15
Modified
2024-11-21 03:52
Severity ?
Summary
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | w1750d_firmware | * | |
| siemens | w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2CC454-39A5-4D56-BB87-DF9B48303FFB",
"versionEndExcluding": "4.2.4.12",
"versionStartIncluding": "4.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "615BA62B-7BA9-43DA-A4A8-E83F81513EC3",
"versionEndExcluding": "6.5.4.11",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B16A6954-EB81-4BB4-B612-D02415AEE765",
"versionEndExcluding": "8.3.0.6",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "715B7F25-4EFA-4BA6-995B-9E84C59116EC",
"versionEndExcluding": "8.4.0.1",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBFE706-F452-4018-85AE-855B971CE206",
"versionEndExcluding": "8.4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF5733F-79FB-4EBB-AC5B-BA4B75A80AB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
},
{
"lang": "es",
"value": "Aruba Instant versiones 4.x anteriores a la versi\u00f3n 6.4.4.8-4.2.4.12, versiones 6.5.x anteriores a la versi\u00f3n 6.5.4.11, versiones 8.3.x anteriores a 8.3.0.6 y versiones 8.4.x anteriores a la versi\u00f3n 8.4.0.1, permite una Inyecci\u00f3n de Comandos."
}
],
"id": "CVE-2018-16417",
"lastModified": "2024-11-21T03:52:42.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T17:15:11.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.anquanke.com/vul/id/1652568"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.anquanke.com/vul/id/1652568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-29 20:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4",
"versionEndExcluding": "6.5.4.17",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859",
"versionEndExcluding": "8.3.0.13",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
"versionEndExcluding": "8.5.0.7",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
"versionEndExcluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en las versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-25144",
"lastModified": "2024-11-21T05:54:26.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T20:15:13.203",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10 podr\u00eda permitir a un atacante remoto conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de la interfaz. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de una v\u00edctima en el contexto de la interfaz afectada de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37896",
"lastModified": "2024-11-21T07:15:19.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:13.207",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-13 01:29
Modified
2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wolfssl | wolfssl | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - | |
| arubanetworks | instant | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2A9A14-1B1B-4DE6-8FED-52D9AB890B80",
"versionEndExcluding": "3.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A40BE1-05C5-4755-BDE9-17BA6A4F1953",
"versionEndExcluding": "8.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1985B038-1E77-4629-A52C-F0ACD78AF7FE",
"versionEndExcluding": "6.5.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as \"ROBOT.\""
},
{
"lang": "es",
"value": "wolfSSL en versiones anteriores a la 3.12.2 proporciona un or\u00e1culo de Bleichenbacher d\u00e9bil cuando se negocia una suite de cifrado TLS que utiliza un intercambio de claves RSA. Un atacante puede recuperar la clave privada desde una aplicaci\u00f3n wolfSSL vulnerable. Esta vulnerabilidad es conocida como \"ROBOT\"."
}
],
"id": "CVE-2017-13099",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T01:29:00.343",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://robotattack.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/wolfSSL/wolfssl/pull/1229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://robotattack.org/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer no autenticadas en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8.6.x: 8.6. 0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37890",
"lastModified": "2024-11-21T07:15:19.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.363",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer no autenticado en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8.6.x: 8.6. 0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37891",
"lastModified": "2024-11-21T07:15:19.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.430",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37889",
"lastModified": "2024-11-21T07:15:19.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.307",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 00:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F054DF3E-94DE-4FAF-8BC4-E89176651310",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB92B04F-DD65-42BA-9931-FF86427FBC5A",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E5DE06-241B-4A83-B0A8-0CEF0D5D825F",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de divulgaci\u00f3n remota de informaci\u00f3n no autorizada en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25145",
"lastModified": "2024-11-21T05:54:26.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T00:15:12.580",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25160",
"lastModified": "2024-11-21T05:54:28.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.860",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 02:15
Modified
2024-11-21 05:54
Severity ?
Summary
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
"versionEndIncluding": "6.4.4.8-4.2.4.18",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "625B5BED-1E8C-434D-948B-A9C99A3A1336",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429A4826-11FA-4E69-A006-97ECBD144D0F",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A177FA-BFBC-4E9E-AA2E-8FA49D66A06C",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73052E-BA70-4DBC-8D23-8EF750AFB59B",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F889114B-15B5-4224-8B58-179F33C4959B",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC134F8-5D6A-4D37-9BC7-CA0C772F8823",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site scripting (xss) remota en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores;\u0026#xa0;Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores;\u0026#xa0;Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores;\u0026#xa0;Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores;\u0026#xa0;Aruba Instant versiones 8.6.x: 8.6.0.7 y anteriores;\u0026#xa0;Aruba Instant versiones 8.7.x: 8.7.1.1 y anteriores.\u0026#xa0;Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2021-25161",
"lastModified": "2024-11-21T05:54:28.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T02:15:16.937",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}