CVE-2019-5320

Published: Aug 26, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.

Affected (18)

Products: Arubanetworks: 5400r Firmware, 3810 Firmware, 2920 Firmware, 2930 Firmware, 2530 Firmware, 2540 Firmware

6 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 5400r Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 5400r Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 5400r Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 5400r	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 3810 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 3810 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 3810 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 3810	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2920 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2920 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2920 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2920	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2930 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2930 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2930 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2930	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2530 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2530 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2530 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2530	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2540 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2540 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2540 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2540	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-007.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-007.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.