← Back

CVE-2022-37905

nvd nist
Published: Dec 12, 2022Modified: May 2, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

Affected (6)

Arubanetworks
2 products
Arubaos
Sd Wan
Configuration A
6 vulnerable · 10 platform
Vulnerable SoftwareAffected Versions
Arubanetworks
Arubaos
From 6.5.4.0 to 6.5.4.22
Arubaos
From 8.4.0.0 to 8.6.0.17
Arubaos
From 8.7.0.0 to 8.7.1.9
Arubaos
From 8.8.0.0 to 8.9.0.3
Arubaos
Version 10.3.0.0
Sd Wan
From 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.6
Running on/withPlatform Versions
Arubanetworks
7005
All versions
Arubanetworks
7008
All versions
Arubanetworks
7010
All versions
Arubanetworks
7024
All versions
Arubanetworks
7030
All versions
Arubanetworks
7205
All versions
Arubanetworks
7210
All versions
Arubanetworks
7220
All versions
Arubanetworks
7240xm
All versions
Arubanetworks
7280
All versions

Related CWEs

CWE-1236
Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.