Lucene search

HpeCVE-2022-37934

HistoryJan 05, 2023 - 7:15 a.m.

CVE-2022-37934

2023-01-0507:15:10

CWE-22

hpe

web.nvd.nist.gov

cve-2022-37934

security vulnerability

hpe officeconnect

remote exploitation

directory traversal

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Affected configurations

Nvd

Node

hpofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983aMatch-

Node

hpofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984aMatch-

Node

hpofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982aMatch-

Node

hpofficeconnect_1820_8g_switch_j9979a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_8g_switch_j9979aMatch-

Node

hpeofficeconnect_1850_24g_2xgt_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_24g_2xgtMatch-

Node

hpeofficeconnect_1850_24g_2xgt_poe\+_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_24g_2xgt_poe\+Match-

Node

hpeofficeconnect_1850_2xgt\/spf\+_firmwareRange<po.01.22

AND

hpeofficeconnect_1850_2xgt\/spf\+Match-

Node

hpeofficeconnect_1850_48g_4xgt_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_48g_4xgtMatch-

Node

hpeofficeconnect_1850_48g_4xgt_poe\+_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_48g_4xgt_poe\+Match-

Node

hpeofficeconnect_1850_6xgt_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_6xgtMatch-

VendorProductVersionCPE
hpofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware*cpe:2.3:o:hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*
hpofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a-cpe:2.3:h:hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a:-:*:*:*:*:*:*:*
hpofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware*cpe:2.3:o:hp:officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*
hpofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a-cpe:2.3:h:hp:officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a:-:*:*:*:*:*:*:*
hpofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware*cpe:2.3:o:hp:officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*
hpofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a-cpe:2.3:h:hp:officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a:-:*:*:*:*:*:*:*
hpofficeconnect_1820_8g_switch_j9979a_firmware*cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*
hpofficeconnect_1820_8g_switch_j9979a-cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*
hpeofficeconnect_1850_24g_2xgt_firmware*cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*
hpeofficeconnect_1850_24g_2xgt-cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware	*	cpe:2.3:o:hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware::::::::
hp	officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a	-	cpe:2.3:h:hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a:-:::::::*
hp	officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware	*	cpe:2.3:o:hp:officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware::::::::
hp	officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a	-	cpe:2.3:h:hp:officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a:-:::::::*
hp	officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware	*	cpe:2.3:o:hp:officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware::::::::
hp	officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a	-	cpe:2.3:h:hp:officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a:-:::::::*
hp	officeconnect_1820_8g_switch_j9979a_firmware	*	cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware::::::::
hp	officeconnect_1820_8g_switch_j9979a	-	cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:::::::*
hpe	officeconnect_1850_24g_2xgt_firmware	*	cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware::::::::
hpe	officeconnect_1850_24g_2xgt	-	cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HPE OfficeConnect 1820 and 1850 Switch Series",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

Related for CVE-2022-37934