6.5

CVE-2022-37908

EPSS 0.1%
Published 12.12.2022 13:15:13
Last modified 02.05.2025 19:15:52
Source security-alert@hpe.com
Teams watchlist Login
Open Login

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Sd-wan Version >= 8.7.0.0-2.3.0.0 < 8.7.0.0-2.3.0.6

   Arubanetworks ≫ 7005 Version-
   Arubanetworks ≫ 7008 Version-
   Arubanetworks ≫ 7010 Version-
   Arubanetworks ≫ 7024 Version-
   Arubanetworks ≫ 7030 Version-
   Arubanetworks ≫ 7205 Version-
   Arubanetworks ≫ 7210 Version-
   Arubanetworks ≫ 7220 Version-
   Arubanetworks ≫ 7240xm Version-
   Arubanetworks ≫ 7280 Version-

Arubanetworks ≫ Arubaos Version >= 6.5.4.0 < 6.5.4.22

   Arubanetworks ≫ 7005 Version-
   Arubanetworks ≫ 7008 Version-
   Arubanetworks ≫ 7010 Version-
   Arubanetworks ≫ 7024 Version-
   Arubanetworks ≫ 7030 Version-
   Arubanetworks ≫ 7205 Version-
   Arubanetworks ≫ 7210 Version-
   Arubanetworks ≫ 7220 Version-
   Arubanetworks ≫ 7240xm Version-
   Arubanetworks ≫ 7280 Version-

Arubanetworks ≫ Arubaos Version >= 8.4.0.0 < 8.6.0.17

   Arubanetworks ≫ 7005 Version-
   Arubanetworks ≫ 7008 Version-
   Arubanetworks ≫ 7010 Version-
   Arubanetworks ≫ 7024 Version-
   Arubanetworks ≫ 7030 Version-
   Arubanetworks ≫ 7205 Version-
   Arubanetworks ≫ 7210 Version-
   Arubanetworks ≫ 7220 Version-
   Arubanetworks ≫ 7240xm Version-
   Arubanetworks ≫ 7280 Version-

Arubanetworks ≫ Arubaos Version >= 8.7.0.0 < 8.7.1.9

   Arubanetworks ≫ 7005 Version-
   Arubanetworks ≫ 7008 Version-
   Arubanetworks ≫ 7010 Version-
   Arubanetworks ≫ 7024 Version-
   Arubanetworks ≫ 7030 Version-
   Arubanetworks ≫ 7205 Version-
   Arubanetworks ≫ 7210 Version-
   Arubanetworks ≫ 7220 Version-
   Arubanetworks ≫ 7240xm Version-
   Arubanetworks ≫ 7280 Version-

Arubanetworks ≫ Arubaos Version >= 8.8.0.0 < 10.3.0.1

   Arubanetworks ≫ 7005 Version-
   Arubanetworks ≫ 7008 Version-
   Arubanetworks ≫ 7010 Version-
   Arubanetworks ≫ 7024 Version-
   Arubanetworks ≫ 7030 Version-
   Arubanetworks ≫ 7205 Version-
   Arubanetworks ≫ 7210 Version-
   Arubanetworks ≫ 7220 Version-
   Arubanetworks ≫ 7240xm Version-
   Arubanetworks ≫ 7280 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.275

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
security-alert@hpe.com	5.8	1.3	4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37908

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37908

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37908

EUVD