Vulnerability Description
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Arubaos | < 8.5.0.11 |
| Arubanetworks | 7005 | - |
| Arubanetworks | 7008 | - |
| Arubanetworks | 7010 | - |
| Arubanetworks | 7024 | - |
| Arubanetworks | 7030 | - |
| Arubanetworks | 7205 | - |
| Arubanetworks | 7210 | - |
| Arubanetworks | 7220 | - |
| Arubanetworks | 7240Xm | - |
| Arubanetworks | 7280 | - |
| Arubanetworks | Sd-Wan | < 2.1.0.2 |
| Arubanetworks | 9004 | - |
| Arubanetworks | 9004-Lte | - |
| Arubanetworks | 9012 | - |
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2020-24637?
CVE-2020-24637 is a vulnerability with a CVSS score of 7.2 (HIGH). Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity ...
How severe is CVE-2020-24637?
CVE-2020-24637 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24637?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Arubanetworks 7005, Arubanetworks 7008, Arubanetworks 7010, Arubanetworks 7024.