Lucene search

K

[email protected]NVD:CVE-2022-37908

HistoryDec 12, 2022 - 1:15 p.m.

CVE-2022-37908

2022-12-1213:15:13

[email protected]

web.nvd.nist.gov

1

arubaos

bootloader

integrity

impact

7xxx series controllers

authenticated attacker

hardware chain of trust

compromise

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

22.9%

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

Affected configurations

NVD

Node

arubanetworkssd-wanRange8.7.0.0-2.3.0.0–8.7.0.0-2.3.0.6

OR

arubanetworksarubaosRange6.5.4.0–6.5.4.22

OR

arubanetworksarubaosRange8.4.0.0–8.6.0.17

OR

arubanetworksarubaosRange8.7.0.0–8.7.1.9

OR

arubanetworksarubaosRange8.8.0.0–10.3.0.1

AND

arubanetworks7005Match-

OR

arubanetworks7008Match-

OR

arubanetworks7010Match-

OR

arubanetworks7024Match-

OR

arubanetworks7030Match-

OR

arubanetworks7205Match-

OR

arubanetworks7210Match-

OR

arubanetworks7220Match-

OR

arubanetworks7240xmMatch-

OR

arubanetworks7280Match-

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

22.9%

Related for NVD:CVE-2022-37908

prion1 cve1 cvelist1