PT-2022-6050 · Aruba · ArubaOS 10
Published: 2022-10-07 · Updated: 2022-11-09
CVE-2022-37891
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS 10 versions 10.3.1.0 and below
Description
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system.
Recommendations
For Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below, update to a version above 6.4.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, update to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, update to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, update to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, update to a version above 8.10.0.1.
For ArubaOS 10 versions 10.3.1.0 and below, update to a version above 10.3.1.0.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Aruba Instant
ArubaOS 10