6.5

CVE-2022-37894

EPSS 0.1%
Published 07.10.2022 19:15:12
Last modified 21.11.2024 07:15:19
Source security-alert@hpe.com
Teams watchlist Login
Open Login

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Arubaos Version >= 10.3.0.0 < 10.3.1.1

Arubanetworks ≫ Instant Version >= 6.4.0.0 < 6.4.4.8-4.2.4.21

Arubanetworks ≫ Instant Version >= 6.5.0.0 < 6.5.4.24

Arubanetworks ≫ Instant Version >= 8.6.0.0 < 8.6.0.19

Arubanetworks ≫ Instant Version >= 8.7.0.0 < 8.7.1.10

Arubanetworks ≫ Instant Version >= 8.10.0.0 < 8.10.0.2

Siemens ≫ Scalance W1750d Firmware

Siemens ≫ Scalance W1750d Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.275

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf

Third Party Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37894

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37894

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37894

EUVD