4.9
CVE-2021-25141
- EPSS 0.13%
- Published 09.02.2021 17:15:14
- Last modified 21.11.2024 05:54:25
- Source security-alert@hpe.com
- Teams watchlist Login
- Open Login
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Arubanetworks ≫ Aruba 5406r Zl2 Firmware Version < kb.16.10.0012
Arubanetworks ≫ Aruba 5412r Zl2 Firmware Version < kb.16.10.0012
Arubanetworks ≫ Aruba 3810m Firmware Version < kb.16.10.0012
Arubanetworks ≫ Aruba 2930m Firmware Version < wc.16.10.0012
Arubanetworks ≫ Aruba 2930f Firmware Version < wc.16.10.0012
Arubanetworks ≫ Aruba 2920 Firmware Version < wb.16.10.0011
Arubanetworks ≫ Aruba 2540 Firmware Version < yc.16.10.0012
Arubanetworks ≫ Aruba 2530ya Firmware Version < ya.16.10.0012
Arubanetworks ≫ Aruba 3800 Firmware Version < ka.16.04.0022
Arubanetworks ≫ Aruba 2620 Firmware Version < ra.16.04.0022
Hpe ≫ 8200 Zl Firmware Version < k.15.18.0024
Hpe ≫ 6200 Yl Firmware Version < k.15.18.0024
Hpe ≫ 3500 Firmware Version < k.16.02.0032
Hpe ≫ 3500 Yl Firmware Version < k.16.02.0032
Arubanetworks ≫ Aruba 2530yb Firmware Version < yb.16.10.0012
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.287 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|