exploitDog

CVE-2022-37888

Опубликовано: 06 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt
Mailing List
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

Версия от 10.3.0.0 (включая) до 10.3.1.1 (исключая)

cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*

Версия от 6.4.0.0 (включая) до 6.4.4.8-4.2.4.21 (исключая)

cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*

Версия от 6.5.0.0 (включая) до 6.5.4.24 (исключая)

cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*

Версия от 8.6.0.0 (включая) до 8.6.0.19 (исключая)

cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*

Версия от 8.7.0.0 (включая) до 8.7.1.10 (исключая)

cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*

Версия от 8.10.0.0 (включая) до 8.10.0.2 (исключая)

Одно из

cpe:2.3:h:arubanetworks:ap-103:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-114:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-115:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-120:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-121:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-130:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-135:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-204:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-205:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-207:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-214:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-215:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-224:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-225:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-303:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-304:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-305:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-314:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-315:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-318:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-324:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-325:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-334:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-340:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-370:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-504:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-505:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-514:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-515:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-534:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-535:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-555:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-103:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-114:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-115:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-204:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-205:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-207:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-224:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-225:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-304:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-305:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-314:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-315:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-318:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-324:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-325:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:iap-334:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:rap-108:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:rap-109:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01227

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-120

Связанные уязвимости

GHSA-j45x-9cfm-vhqh

CVSS3: 9.8

github

больше 3 лет назад

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

BDU:2022-06932

CVSS3: 9.8

fstec

больше 3 лет назад

Уязвимость микропрограммного обеспечения промышленных коммутаторов Siemens SCALANCE, связанная с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 79%

0.01227

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-120