Lucene search

[email protected]NVD:CVE-2021-25158

HistoryMar 30, 2021 - 2:15 a.m.

CVE-2021-25158

2021-03-3002:15:16

CWE-362

[email protected]

web.nvd.nist.gov

aruba

instant access point

remote arbitrary file read

vulnerability

security

patch

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.105

Percentile

95.0%

JSON

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Affected configurations

Nvd

Node

arubanetworksinstantRange6.5.0.0–6.5.4.19

arubanetworksinstantRange8.3.0.0–8.3.0.15

arubanetworksinstantRange8.5.0.0–8.5.0.12

arubanetworksinstantRange8.6.0.0–8.6.0.8

arubanetworksinstantRange8.7.0.0–8.7.1.2

Node

siemensscalance_w1750d_firmwareRange8.7.0–8.7.1.3

AND

siemensscalance_w1750dMatch-

VendorProductVersionCPE
arubanetworksinstant*cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
siemensscalance_w1750d_firmware*cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
siemensscalance_w1750d-cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	instant	*	cpe:2.3:o:arubanetworks:instant::::::::
siemens	scalance_w1750d_firmware	*	cpe:2.3:o:siemens:scalance_w1750d_firmware::::::::
siemens	scalance_w1750d	-	cpe:2.3:h:siemens:scalance_w1750d:-:::::::*