PT-2021-18112 · Aruba · Aruba 8320 Switch Series

Published: 2021-07-22 · Updated: 2021-08-06 · CVE-2021-29148

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
Aruba CX 6200F Switch Series versions prior to 10.04.3070
Aruba 6300 Switch Series versions prior to 10.04.3070
Aruba 6400 Switch Series versions prior to 10.04.3070
Aruba 8320 Switch Series versions prior to 10.04.3070
Aruba 8325 Switch Series versions prior to 10.04.3070
Aruba 8400 Switch Series versions prior to 10.04.3070
Aruba CX 8360 Switch Series versions prior to 10.04.3070
Aruba AOS-CX firmware versions 10.04.xxxx through 10.04.3069
Aruba AOS-CX firmware versions 10.05.xxxx through 10.05.0069
Aruba AOS-CX firmware versions 10.06.xxxx through 10.06.0109
Aruba AOS-CX firmware versions 10.07.xxxx through 10.07.0000

Description: A local cross-site scripting (XSS) vulnerability was discovered in multiple Aruba switch series. The issue allows for a local cross-site scripting attack. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.

Recommendations:
For Aruba CX 6200F Switch Series, update to a version after 10.04.3070.
For Aruba 6300 Switch Series, update to a version after 10.04.3070.
For Aruba 6400 Switch Series, update to a version after 10.04.3070.
For Aruba 8320 Switch Series, update to a version after 10.04.3070.
For Aruba 8325 Switch Series, update to a version after 10.04.3070.
For Aruba 8400 Switch Series, update to a version after 10.04.3070.
For Aruba CX 8360 Switch Series, update to a version after 10.04.3070.
For Aruba AOS-CX firmware versions 10.04.xxxx, update to version 10.04.3070 or later.
For Aruba AOS-CX firmware versions 10.05.xxxx, update to version 10.05.0070 or later.
For Aruba AOS-CX firmware versions 10.06.xxxx, update to version 10.06.0110 or later.
For Aruba AOS-CX firmware versions 10.07.xxxx, update to version 10.07.0001 or later.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-29148

Affected Products

Aruba 6300 Switch Series
Aruba 6400 Switch Series
Aruba 8320 Switch Series
Aruba 8325 Switch Series
Aruba 8400 Switch Series
Aruba AOS-CX
Aruba CX 6200F Switch Series
Aruba CX 8360 Switch Series