← Back

CVE-2018-7083

nvd nist
Published: May 10, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

Affected (4)

Arubanetworks
1 product
Aruba Instant
Siemens
1 product
Scalance W1750d Firmware
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Arubanetworks
Aruba Instant
From 4.0 to 4.2.4.12
Aruba Instant
From 6.5.0 to 6.5.4.11
Aruba Instant
From 8.3.0 to 8.3.0.6
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance W1750d Firmware
Before 8.4.0.1
Running on/withPlatform Versions
Siemens
Scalance W1750d
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: security-alert@hpe.com
Vendor Advisory
Source: security-alert@hpe.com
Source: security-alert@hpe.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.