Lucene search

[email protected]CVE-2022-37934

HistoryJan 05, 2023 - 7:15 a.m.

CVE-2022-37934

2023-01-0507:15:10

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-37934

security vulnerability

hpe officeconnect

remote exploitation

directory traversal

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Affected configurations

NVD

Node

hpofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983aMatch-

Node

hpofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984aMatch-

Node

hpofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982aMatch-

Node

hpofficeconnect_1820_8g_switch_j9979a_firmwareRange<pt.02.17

AND

hpofficeconnect_1820_8g_switch_j9979aMatch-

Node

hpeofficeconnect_1850_24g_2xgt_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_24g_2xgtMatch-

Node

hpeofficeconnect_1850_24g_2xgt_poe\+_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_24g_2xgt_poe\+Match-

Node

hpeofficeconnect_1850_2xgt\/spf\+_firmwareRange<po.01.22

AND

hpeofficeconnect_1850_2xgt\/spf\+Match-

Node

hpeofficeconnect_1850_48g_4xgt_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_48g_4xgtMatch-

Node

hpeofficeconnect_1850_48g_4xgt_poe\+_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_48g_4xgt_poe\+Match-

Node

hpeofficeconnect_1850_6xgt_firmwareRange<pc.01.23

AND

hpeofficeconnect_1850_6xgtMatch-

CPENameOperatorVersion
hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmwarehp officeconnect 1820 24g poe+ (185w) switch j9983a firmwareltpt.02.17

CPE	Name	Operator	Version
hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware	hp officeconnect 1820 24g poe+ (185w) switch j9983a firmware	lt	pt.02.17

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HPE OfficeConnect 1820 and 1850 Switch Series",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

Related for CVE-2022-37934

cvelist1 prion1 nvd1