CVE Vulnerabilities

CVE-2022-37904

Published: Dec 12, 2022 | Modified: May 02, 2025
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

Affected Software

Name Vendor Start Version End Version
Sd-wan Arubanetworks 8.7.0.0-2.3.0.0 (including) 8.7.0.0-2.3.0.6 (excluding)
Arubaos Arubanetworks 6.5.4.0 (including) 6.5.4.22 (excluding)
Arubaos Arubanetworks 8.4.0.0 (including) 8.6.0.17 (excluding)
Arubaos Arubanetworks 8.7.0.0 (including) 8.7.1.9 (excluding)
Arubaos Arubanetworks 8.8.0.0 (including) 8.9.03 (including)
Arubaos Arubanetworks 10.3.0.0 (including) 10.3.0.0 (including)

References