4.9
CVE-2021-25141
- EPSS 0.13%
- Veröffentlicht 09.02.2021 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:54:25
- Quelle security-alert@hpe.com
- Teams Watchlist Login
- Unerledigt Login
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Aruba 5406r Zl2 Firmware Version < kb.16.10.0012
Arubanetworks ≫ Aruba 5412r Zl2 Firmware Version < kb.16.10.0012
Arubanetworks ≫ Aruba 3810m Firmware Version < kb.16.10.0012
Arubanetworks ≫ Aruba 2930m Firmware Version < wc.16.10.0012
Arubanetworks ≫ Aruba 2930f Firmware Version < wc.16.10.0012
Arubanetworks ≫ Aruba 2920 Firmware Version < wb.16.10.0011
Arubanetworks ≫ Aruba 2540 Firmware Version < yc.16.10.0012
Arubanetworks ≫ Aruba 2530ya Firmware Version < ya.16.10.0012
Arubanetworks ≫ Aruba 3800 Firmware Version < ka.16.04.0022
Arubanetworks ≫ Aruba 2620 Firmware Version < ra.16.04.0022
Hpe ≫ 8200 Zl Firmware Version < k.15.18.0024
Hpe ≫ 6200 Yl Firmware Version < k.15.18.0024
Hpe ≫ 3500 Firmware Version < k.16.02.0032
Hpe ≫ 3500 Yl Firmware Version < k.16.02.0032
Arubanetworks ≫ Aruba 2530yb Firmware Version < yb.16.10.0012
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.287 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|