Multiple underlying services contain buffer overflow vulnerabilities that could lead to unauthenticated remote code execution when specially crafted packets are sent to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Affected versions: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below. Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory |
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List Vendor Advisory |
History
12 Dec 2022, 21:25
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf - Third Party Advisory | |
CPE | cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:* |
|
First Time |
Siemens scalance W1750d Firmware
Siemens Siemens scalance W1750d |
08 Nov 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Oct 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Oct 2022, 19:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
References | (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:h:arubanetworks:ap-324:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-504:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-204:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-207:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-115:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-325:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-225:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-534:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-103:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-205:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-303:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-318:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-115:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-224:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-207:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-224:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-318:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-120:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:rap-108:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-505:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-315:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-515:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-340:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-121:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-305:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-114:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-135:-:*:*:*:*:*:*:* cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-315:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-314:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-334:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-215:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-304:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-130:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-204:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-205:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-535:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-324:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-214:-:*:*:*:*:*:*:* 
cpe:2.3:h:arubanetworks:ap-103:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:rap-109:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-114:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-314:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-334:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-514:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-305:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-555:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-225:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-370:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:ap-304:-:*:*:*:*:*:*:* cpe:2.3:h:arubanetworks:iap-325:-:*:*:*:*:*:*:* |
|
First Time |
Arubanetworks ap-115
Arubanetworks ap-504 Arubanetworks ap-207 Arubanetworks ap-225 Arubanetworks iap-314 Arubanetworks iap-224 Arubanetworks iap-305 Arubanetworks ap-514 Arubanetworks ap-315 Arubanetworks ap-318 Arubanetworks iap-318 Arubanetworks iap-207 Arubanetworks iap-315 Arubanetworks iap-334 Arubanetworks iap-324 Arubanetworks ap-215 Arubanetworks ap-135 Arubanetworks ap-303 Arubanetworks ap-635 Arubanetworks iap-115 Arubanetworks iap-304 Arubanetworks ap-655 Arubanetworks ap-204 Arubanetworks ap-534 Arubanetworks ap-214 Arubanetworks ap-120 Arubanetworks ap-314 Arubanetworks ap-224 Arubanetworks ap-370 Arubanetworks ap-515 Arubanetworks ap-325 Arubanetworks ap-334 Arubanetworks iap-114 Arubanetworks ap-205 Arubanetworks instant Arubanetworks arubaos Arubanetworks ap-324 Arubanetworks ap-305 Arubanetworks iap-325 Arubanetworks ap-555 Arubanetworks Arubanetworks ap-340 Arubanetworks rap-108 Arubanetworks ap-505 Arubanetworks rap-109 Arubanetworks ap-304 Arubanetworks ap-103 Arubanetworks ap-535 Arubanetworks iap-204 Arubanetworks iap-225 Arubanetworks ap-121 Arubanetworks iap-205 Arubanetworks ap-114 Arubanetworks ap-130 Arubanetworks iap-103 |
06 Oct 2022, 18:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-06 18:16
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37888
Mitre link : CVE-2022-37888
CVE.ORG link : CVE-2022-37888
Products Affected
arubanetworks
- iap-305
- ap-205
- instant
- ap-103
- iap-225
- iap-304
- ap-325
- ap-534
- ap-303
- ap-635
- ap-115
- ap-515
- arubaos
- ap-304
- ap-340
- ap-315
- iap-103
- ap-334
- iap-115
- iap-204
- ap-214
- iap-207
- ap-324
- ap-655
- iap-334
- ap-121
- ap-370
- ap-555
- ap-535
- ap-120
- iap-205
- ap-514
- ap-114
- ap-314
- iap-318
- ap-135
- ap-215
- ap-130
- ap-305
- ap-318
- rap-108
- ap-224
- iap-324
- ap-505
- iap-224
- iap-314
- ap-504
- iap-325
- ap-207
- ap-225
- iap-114
- rap-109
- iap-315
- ap-204
siemens
- scalance_w1750d
- scalance_w1750d_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')