CVE-2019-5322

Published: Feb 13, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.

Affected (21)

Products: Arubanetworks: 5400r Firmware, 3810 Firmware, 2920 Firmware, 2930 Firmware, 2530 With Gigt Port Firmware, 2530 10/100 Port Firmware, 2540 Firmware

7 products

2530 With Gigt Port Firmware

2530 10/100 Port Firmware

2540 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 5400r Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 5400r Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 5400r Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 5400r	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 3810 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 3810 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 3810 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 3810	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2920 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2920 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2920 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2920	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2930 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2930 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2930 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2930	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2530 With Gigt Port Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2530 With Gigt Port Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2530 With Gigt Port Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2530 With Gigt Port	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2530 10/100 Port Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2530 10/100 Port Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2530 10/100 Port Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2530 10/100 Port	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arubanetworks 2540 Firmware	From 16.08.0 to 16.08.0009
Arubanetworks 2540 Firmware	From 16.09.0 to 16.09.0007
Arubanetworks 2540 Firmware	From 16.10.0 to 16.10.0003

Running on/with	Platform Versions
Arubanetworks 2540	All versions

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.