9.8
CVE-2022-37890
- EPSS 1.22%
- Published 07.10.2022 18:15:21
- Last modified 21.11.2024 07:15:19
- Source security-alert@hpe.com
- Teams watchlist Login
- Open Login
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
Data is provided by the National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 10.3.0.0 < 10.3.1.1
Arubanetworks ≫ Instant Version >= 6.4.0.0 < 6.4.4.8-4.2.4.21
Arubanetworks ≫ Instant Version >= 6.5.0.0 < 6.5.4.24
Arubanetworks ≫ Instant Version >= 8.6.0.0 < 8.6.0.19
Arubanetworks ≫ Instant Version >= 8.7.0.0 < 8.7.1.10
Arubanetworks ≫ Instant Version >= 8.10.0.0 < 8.10.0.2
Siemens ≫ Scalance W1750d Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.784 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.