8.8

CVE-2022-37904

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArubanetworksSd-wan Version >= 8.7.0.0-2.3.0.0 < 8.7.0.0-2.3.0.6
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 6.5.4.0 < 6.5.4.22
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.4.0.0 < 8.6.0.17
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.7.0.0 < 8.7.1.9
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.8.0.0 <= 8.9.03
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version10.3.0.0
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.495
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-alert@hpe.com 6.6 0.7 5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-123 Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.