7.2

CVE-2021-37731

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArubanetworksSd-wan Version >= 2.2.0.0 < 2.2.0.4
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
ArubanetworksArubaos Version >= 8.3.0.0 < 8.3.0.15
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
ArubanetworksArubaos Version >= 8.5.0.0 < 8.5.0.12
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
ArubanetworksArubaos Version >= 8.6.0.0 < 8.6.0.8
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
ArubanetworksArubaos Version >= 8.7.0.0 < 8.7.1.2
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
SiemensScalance W1750d Firmware Version < 8.7.1.3
   SiemensScalance W1750d Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.359
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 0.3 5.9
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.