8.8

CVE-2022-37905

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

Data is provided by the National Vulnerability Database (NVD)
ArubanetworksSd-wan Version >= 8.7.0.0-2.3.0.0 < 8.7.0.0-2.3.0.6
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 6.5.4.0 < 6.5.4.22
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.4.0.0 < 8.6.0.17
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.7.0.0 < 8.7.1.9
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.8.0.0 <= 8.9.0.3
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version10.3.0.0
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.45% 0.628
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-alert@hpe.com 6.6 0.7 5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.