CVE-2022-37908

Published: Dec 12, 2022Modified: May 2, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

Affected (5)

Products: Arubanetworks: Arubaos, Sd Wan

2 products

Configuration A

5 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 6.5.4.0 to 6.5.4.22
Arubanetworks Arubaos	From 8.4.0.0 to 8.6.0.17
Arubanetworks Arubaos	From 8.7.0.0 to 8.7.1.9
Arubanetworks Arubaos	From 8.8.0.0 to 10.3.0.1
Arubanetworks Sd Wan	From 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.6

Running on/with	Platform Versions
Arubanetworks 7005	All versions
Arubanetworks 7008	All versions
Arubanetworks 7010	All versions
Arubanetworks 7024	All versions
Arubanetworks 7030	All versions
Arubanetworks 7205	All versions
Arubanetworks 7210	All versions
Arubanetworks 7220	All versions
Arubanetworks 7240xm	All versions
Arubanetworks 7280	All versions

Related CWEs

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.