
CVE-2022-37888

nvd nist
Published: Oct 6, 2022
Modified: Nov 21, 2024

CVSS score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below. Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

Affected (7)

2 products
Arubaos
Instant
1 product
Scalance W1750d Firmware
Configuration A
6 vulnerable · 52 platform
Vulnerable Software | Affected Versions
From 10.3.0.0 to 10.3.1.1
Arubanetworks
From 6.4.0.0 to 6.4.4.8-4.2.4.21
From 6.5.0.0 to 6.5.4.24
From 8.10.0.0 to 8.10.0.2
From 8.6.0.0 to 8.6.0.19
From 8.7.0.0 to 8.7.1.10
Running on/with | Platform Versions
Arubanetworks
Ap 103
All versions
Arubanetworks
Ap 114
All versions
Arubanetworks
Ap 115
All versions
Arubanetworks
Ap 120
All versions
Arubanetworks
Ap 121
All versions
Arubanetworks
Ap 130
All versions
Arubanetworks
Ap 135
All versions
Arubanetworks
Ap 204
All versions
Arubanetworks
Ap 205
All versions
Arubanetworks
Ap 207
All versions
Arubanetworks
Ap 214
All versions
Arubanetworks
Ap 215
All versions
Arubanetworks
Ap 224
All versions
Arubanetworks
Ap 225
All versions
Arubanetworks
Ap 303
All versions
Arubanetworks
Ap 304
All versions
Arubanetworks
Ap 305
All versions
Arubanetworks
Ap 314
All versions
Arubanetworks
Ap 315
All versions
Arubanetworks
Ap 318
All versions
Arubanetworks
Ap 324
All versions
Arubanetworks
Ap 325
All versions
Arubanetworks
Ap 334
All versions
Arubanetworks
Ap 340
All versions
Arubanetworks
Ap 370
All versions
Arubanetworks
Ap 504
All versions
Arubanetworks
Ap 505
All versions
Arubanetworks
Ap 514
All versions
Arubanetworks
Ap 515
All versions
Arubanetworks
Ap 534
All versions
Arubanetworks
Ap 535
All versions
Arubanetworks
Ap 555
All versions
Arubanetworks
Ap 635
All versions
Arubanetworks
Ap 655
All versions
Arubanetworks
Iap 103
All versions
Arubanetworks
Iap 114
All versions
Arubanetworks
Iap 115
All versions
Arubanetworks
Iap 204
All versions
Arubanetworks
Iap 205
All versions
Arubanetworks
Iap 207
All versions
Arubanetworks
Iap 224
All versions
Arubanetworks
Iap 225
All versions
Arubanetworks
Iap 304
All versions
Arubanetworks
Iap 305
All versions
Arubanetworks
Iap 314
All versions
Arubanetworks
Iap 315
All versions
Arubanetworks
Iap 318
All versions
Arubanetworks
Iap 324
All versions
Arubanetworks
Iap 325
All versions
Arubanetworks
Iap 334
All versions
Arubanetworks
Rap 108
All versions
Arubanetworks
Rap 109
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
All versions
Running on/with | Platform Versions
Siemens
Scalance W1750d
All versions

References (4)

Source: security-alert@hpe.com
Third Party Advisory
Source: security-alert@hpe.com
Mailing List, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List, Vendor Advisory

Timeline

No history available yet.