Lucene search

HpeCVELIST:CVE-2022-37911

HistoryNov 03, 2022 - 7:36 p.m.

CVE-2022-37911

2022-11-0319:36:47

hpe

www.cve.org

arubaos

xml

cli

exploit

authentication

denial of service

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "unaffected",
        "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVELIST:CVE-2022-37911