CVE-2022-37910

A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arubanetworks:sd-wan::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

History

07 Nov 2023, 03:49

Type	Values Removed	Values Added
Summary	~~A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.~~	A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.

Information

Published : 2022-12-12 13:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-37910

Mitre link : CVE-2022-37910

CVE.ORG link : CVE-2022-37910

JSON object : View

Products Affected

arubanetworks

arubaos
sd-wan

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-37910", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.7}]}, "published": "2022-12-12T13:15:13.317", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad resulta en una Denegaci\u00f3n de Servicio (DoS) en el sistema afectado."}], "lastModified": "2023-11-07T03:49:55.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}