CVE Vulnerabilities

CVE-2022-37905

Published: Dec 12, 2022 | Modified: Nov 07, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

Affected Software

Name Vendor Start Version End Version
Sd-wan Arubanetworks 8.7.0.0-2.3.0.0 (including) 8.7.0.0-2.3.0.6 (excluding)
Arubaos Arubanetworks 6.5.4.0 (including) 6.5.4.22 (excluding)
Arubaos Arubanetworks 8.4.0.0 (including) 8.6.0.17 (excluding)
Arubaos Arubanetworks 8.7.0.0 (including) 8.7.1.9 (excluding)
Arubaos Arubanetworks 8.8.0.0 (including) 8.9.0.3 (including)
Arubaos Arubanetworks 10.3.0.0 (including) 10.3.0.0 (including)

References