← Back

CVE-2022-37934

nvd nist
Published: Jan 5, 2023Modified: Apr 10, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Affected (10)

Hp
4 products
Officeconnect 1820 24g Poe+ (185w) Switch J9983a Firmware
Officeconnect 1820 48g Poe+ (370w) Switch J9984a Firmware
Officeconnect 1820 8g Poe+ (65w) Switch J9982a Firmware
Officeconnect 1820 8g Switch J9979a Firmware
Hpe
6 products
Officeconnect 1850 24g 2xgt Firmware
Officeconnect 1850 24g 2xgt Poe+ Firmware
Officeconnect 1850 2xgt/spf+ Firmware
Officeconnect 1850 48g 4xgt Firmware
Officeconnect 1850 48g 4xgt Poe+ Firmware
Officeconnect 1850 6xgt Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1820 24g Poe+ (185w) Switch J9983a Firmware
Before pt.02.17
Running on/withPlatform Versions
Hp
Officeconnect 1820 24g Poe+ (185w) Switch J9983a
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1820 48g Poe+ (370w) Switch J9984a Firmware
Before pt.02.17
Running on/withPlatform Versions
Hp
Officeconnect 1820 48g Poe+ (370w) Switch J9984a
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1820 8g Poe+ (65w) Switch J9982a Firmware
Before pt.02.17
Running on/withPlatform Versions
Hp
Officeconnect 1820 8g Poe+ (65w) Switch J9982a
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1820 8g Switch J9979a Firmware
Before pt.02.17
Running on/withPlatform Versions
Hp
Officeconnect 1820 8g Switch J9979a
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1850 24g 2xgt Firmware
Before pc.01.23
Running on/withPlatform Versions
Hpe
Officeconnect 1850 24g 2xgt
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1850 24g 2xgt Poe+ Firmware
Before pc.01.23
Running on/withPlatform Versions
Hpe
Officeconnect 1850 24g 2xgt Poe+
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1850 2xgt/spf+ Firmware
Before po.01.22
Running on/withPlatform Versions
Hpe
Officeconnect 1850 2xgt/spf+
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1850 48g 4xgt Firmware
Before pc.01.23
Running on/withPlatform Versions
Hpe
Officeconnect 1850 48g 4xgt
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1850 48g 4xgt Poe+ Firmware
Before pc.01.23
Running on/withPlatform Versions
Hpe
Officeconnect 1850 48g 4xgt Poe+
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Officeconnect 1850 6xgt Firmware
Before pc.01.23
Running on/withPlatform Versions
Hpe
Officeconnect 1850 6xgt
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.