CVE-2022-37903

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-37903
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
OR cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*
History

07 Nov 2023, 03:49

Type Values Removed Values Added
Summary A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system. A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.

15 Dec 2022, 15:25

Type Values Removed Values Added
First Time Arubanetworks 7205
Arubanetworks 7010
Arubanetworks 7220
Arubanetworks 7240xm
Arubanetworks
Arubanetworks 7008
Arubanetworks sd-wan
Arubanetworks arubaos
Arubanetworks 7280
Arubanetworks 7030
Arubanetworks 7005
Arubanetworks 7210
Arubanetworks 7024
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*
References (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt - (MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt - Vendor Advisory

12 Dec 2022, 13:17

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-12 13:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-37903

Mitre link : CVE-2022-37903

CVE.ORG link : CVE-2022-37903

JSON object : View

Products Affected

arubanetworks

  • 7280
  • 7005
  • 7030
  • 7205
  • 7220
  • 7024
  • arubaos
  • sd-wan
  • 7210
  • 7008
  • 7010
  • 7240xm
CWE
CWE-787

Out-of-bounds Write