Lucene search

[email protected]NVD:CVE-2019-5321

HistoryAug 26, 2020 - 11:15 p.m.

CVE-2019-5321

2020-08-2623:15:11

[email protected]

web.nvd.nist.gov

aruba

intelligent edge

switch

series

firmware

vulnerability

remote unauthorized access

webui

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.006

Percentile

78.4%

JSON

Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.

Affected configurations

Nvd

Node

arubanetworks5400r_firmwareRange16.08.0–16.08.0009

arubanetworks5400r_firmwareRange16.09.0–16.09.0007

arubanetworks5400r_firmwareRange16.10.0–16.10.0003

AND

arubanetworks5400rMatch-

Node

arubanetworks3810_firmwareRange16.08.0–16.08.0009

arubanetworks3810_firmwareRange16.09.0–16.09.0007

arubanetworks3810_firmwareRange16.10.0–16.10.0003

AND

arubanetworks3810Match-

Node

arubanetworks2920_firmwareRange16.08.0–16.08.0009

arubanetworks2920_firmwareRange16.09.0–16.09.0007

arubanetworks2920_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2920Match-

Node

arubanetworks2930_firmwareRange16.08.0–16.08.0009

arubanetworks2930_firmwareRange16.09.0–16.09.0007

arubanetworks2930_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2930Match-

Node

arubanetworks2530_firmwareRange16.08.0–16.08.0009

arubanetworks2530_firmwareRange16.09.0–16.09.0007

arubanetworks2530_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2530Match-

Node

arubanetworks2530_firmwareRange16.08.0–16.08.0009

arubanetworks2530_firmwareRange16.09.0–16.09.0007

arubanetworks2530_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2530Match-

Node

arubanetworks2540_firmwareRange16.08.0–16.08.0009

arubanetworks2540_firmwareRange16.09.0–16.09.0007

arubanetworks2540_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2540Match-

VendorProductVersionCPE
arubanetworks5400r_firmware*cpe:2.3:o:arubanetworks:5400r_firmware:*:*:*:*:*:*:*:*
arubanetworks5400r-cpe:2.3:h:arubanetworks:5400r:-:*:*:*:*:*:*:*
arubanetworks3810_firmware*cpe:2.3:o:arubanetworks:3810_firmware:*:*:*:*:*:*:*:*
arubanetworks3810-cpe:2.3:h:arubanetworks:3810:-:*:*:*:*:*:*:*
arubanetworks2920_firmware*cpe:2.3:o:arubanetworks:2920_firmware:*:*:*:*:*:*:*:*
arubanetworks2920-cpe:2.3:h:arubanetworks:2920:-:*:*:*:*:*:*:*
arubanetworks2930_firmware*cpe:2.3:o:arubanetworks:2930_firmware:*:*:*:*:*:*:*:*
arubanetworks2930-cpe:2.3:h:arubanetworks:2930:-:*:*:*:*:*:*:*
arubanetworks2530_firmware*cpe:2.3:o:arubanetworks:2530_firmware:*:*:*:*:*:*:*:*
arubanetworks2530-cpe:2.3:h:arubanetworks:2530:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	5400r_firmware	*	cpe:2.3:o:arubanetworks:5400r_firmware::::::::
arubanetworks	5400r	-	cpe:2.3:h:arubanetworks:5400r:-:::::::*
arubanetworks	3810_firmware	*	cpe:2.3:o:arubanetworks:3810_firmware::::::::
arubanetworks	3810	-	cpe:2.3:h:arubanetworks:3810:-:::::::*
arubanetworks	2920_firmware	*	cpe:2.3:o:arubanetworks:2920_firmware::::::::
arubanetworks	2920	-	cpe:2.3:h:arubanetworks:2920:-:::::::*
arubanetworks	2930_firmware	*	cpe:2.3:o:arubanetworks:2930_firmware::::::::
arubanetworks	2930	-	cpe:2.3:h:arubanetworks:2930:-:::::::*
arubanetworks	2530_firmware	*	cpe:2.3:o:arubanetworks:2530_firmware::::::::
arubanetworks	2530	-	cpe:2.3:h:arubanetworks:2530:-:::::::*

Rows per page:

1-10 of 121

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-007.txt

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.006

Percentile

78.4%

JSON

Related for NVD:CVE-2019-5321

cve1 cvelist1 prion1 nessus1