Lucene search

HpeCVE-2021-25155

HistoryMar 30, 2021 - 1:15 a.m.

CVE-2021-25155

2021-03-3001:15:12

hpe

web.nvd.nist.gov

120

cve-2021-25155

aruba instant

access point

iap

security vulnerability

file modification

patch

nvd

aruba

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Affected configurations

Nvd

Node

arubanetworksinstantRange6.4.0.0–6.4.4.8-4.2.4.18

arubanetworksinstantRange6.5.0.0–6.5.4.19

arubanetworksinstantRange8.3.0.0–8.3.0.15

arubanetworksinstantRange8.5.0.0–8.5.0.12

arubanetworksinstantRange8.6.0.0–8.6.0.7

arubanetworksinstantRange8.7.0.0–8.7.1.1

Node

siemensscalance_w1750d_firmwareRange8.7.0–8.7.1.3

AND

siemensscalance_w1750dMatch-

VendorProductVersionCPE
arubanetworksinstant*cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
siemensscalance_w1750d_firmware*cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
siemensscalance_w1750d-cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	instant	*	cpe:2.3:o:arubanetworks:instant::::::::
siemens	scalance_w1750d_firmware	*	cpe:2.3:o:siemens:scalance_w1750d_firmware::::::::
siemens	scalance_w1750d	-	cpe:2.3:h:siemens:scalance_w1750d:-:::::::*

CNA Affected

[
  {
    "product": "Aruba Instant Access Points",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.6.x: 8.6.0.6 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.7.x: 8.7.1.0 and below"
      }
    ]
  }
]

References

packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html

packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html

cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf

www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Related for CVE-2021-25155