CVE-2022-37906

🗓️ 03 Nov 2022 19:18:21Reported by hpeType

An authenticated path traversal vulnerability in ArubaOS CLI allows deletion of arbitrary files

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-37906	2 May 202519:16	–	circl
CNNVD	Aruba Networks ArubaOS 路径遍历漏洞	26 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-37906	3 Nov 202219:18	–	cvelist
EUVD	EUVD-2022-40513	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in ArubaOS and SD-WAN	28 Oct 202200:00	–	ncsc
NVD	CVE-2022-37906	12 Dec 202213:15	–	nvd
Prion	Path traversal	12 Dec 202213:15	–	prion
Positive Technologies	PT-2022-24140 · Aruba · Arubaos	3 Nov 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-37906	23 May 202500:49	–	redhatcve
Vulnrichment	CVE-2022-37906	3 Nov 202219:18	–	vulnrichment

NVD

Node

arubanetworks sd-wanRange8.7.0.0-2.3.0.0–8.7.0.0-2.3.0.6

arubanetworks arubaosRange6.5.4.0–6.5.4.22

arubanetworks arubaosRange8.4.0.0–8.6.0.17

arubanetworks arubaosRange8.7.0.0–8.7.1.9

arubanetworks arubaosRange8.8.0.0–10.3.0.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "unaffected",
        "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

02 May 2025 19:15Current

8High risk

Vulners AI Score8

CVSS 3.16.5 - 8.1

EPSS0.00477

SSVC

CWE-22