CVE-2020-24637
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD
Description
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
Affected (5)
Products: Arubanetworks: Arubaos, Sd Wan
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.5.0.11 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 7005 | All versions |
Arubanetworks 7008 | All versions |
Arubanetworks 7010 | All versions |
Arubanetworks 7024 | All versions |
Arubanetworks 7030 | All versions |
Arubanetworks 7205 | All versions |
Arubanetworks 7210 | All versions |
Arubanetworks 7220 | All versions |
Arubanetworks 7240xm | All versions |
Arubanetworks 7280 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.0.2 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 9004 | All versions |
Arubanetworks 9004 Lte | All versions |
Arubanetworks 9012 | All versions |
References (2)
Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.