CVE-2019-5401 — MEDIUM (4.8)

Vulnerability Description

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Hp	Hp2910Al-48G Firmware	w.15.14.00.16
Hp	Hp2910Al-48G	-

Related Weaknesses (CWE)

CWE-79

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory

FAQ

What is CVE-2019-5401?

CVE-2019-5401 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configura...

How severe is CVE-2019-5401?

CVE-2019-5401 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5401?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Hp2910Al-48G Firmware, Hp Hp2910Al-48G.