CVE-2022-37911

Published: Dec 12, 2022Modified: May 2, 2025

5.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Exploitability: 1.2 / Impact: 4.2

Source: NVD

Description

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.

Affected (5)

Products: Arubanetworks: Arubaos, Sd Wan

Arubanetworks

2 products

Arubaos

Sd Wan

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 6.5.4.0 to 6.5.4.22
Arubanetworks Arubaos	From 8.4.0.0 to 8.6.0.17
Arubanetworks Arubaos	From 8.7.0.0 to 8.7.1.9
Arubanetworks Arubaos	From 8.8.0.0 to 10.3.0.1
Arubanetworks Sd Wan	From 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.6

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.