CVE-2021-41002

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Aruba CX 6200F Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 6300 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 6400 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 8320 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 8325 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 8400 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba CX 8360 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba CX 6200F Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 6300 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 6400 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8320 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8325 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8400 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba CX 8360 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba CX 6200F Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 6300 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 6400 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8320 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8325 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8400 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba CX 8360 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba CX 6200F Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 6300 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 6400 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8320 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8325 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8400 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba CX 8360 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below

Description Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in various Aruba switch series. These vulnerabilities can be exploited by authenticated attackers. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.

Recommendations For Aruba CX 6200F Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba CX 6200F Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba CX 6200F Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba CX 6200F Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-41002

Affected Products

Aos-Cx

Aruba 6300 Switch Series

Aruba 6400 Switch Series

Aruba 8320 Switch Series

Aruba 8325 Switch Series

Aruba 8400 Switch Series

Aruba Cx 6200F Switch Series

Aruba Cx 8360 Switch Series

CVE-2021-41002

Weakness Enumeration

Related Identifiers

Affected Products

References · 4