CVE-2021-25141 — MEDIUM (4.4)

Q: How severe is CVE-2021-25141?

CVE-2021-25141 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25141?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Aruba 5406R Zl2 Firmware, Arubanetworks Aruba 5406R Zl2, Arubanetworks Aruba 5412R Zl2 Firmware, Arubanetworks Aruba 5412R Zl2, Arubanetworks Aruba 3810M Firmware.

Vulnerability Description

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Arubanetworks	Aruba 5406R Zl2 Firmware	< kb.16.10.0012
Arubanetworks	Aruba 5406R Zl2	-
Arubanetworks	Aruba 5412R Zl2 Firmware	< kb.16.10.0012
Arubanetworks	Aruba 5412R Zl2	-
Arubanetworks	Aruba 3810M Firmware	< kb.16.10.0012
Arubanetworks	Aruba 3810M	-
Arubanetworks	Aruba 2930M Firmware	< wc.16.10.0012
Arubanetworks	Aruba 2930M	-
Arubanetworks	Aruba 2930F Firmware	< wc.16.10.0012
Arubanetworks	Aruba 2930F	-
Arubanetworks	Aruba 2920 Firmware	< wb.16.10.0011
Arubanetworks	Aruba 2920	-
Arubanetworks	Aruba 2540 Firmware	< yc.16.10.0012
Arubanetworks	Aruba 2540	-
Arubanetworks	Aruba 2530Ya Firmware	< ya.16.10.0012
Arubanetworks	Aruba 2530Ya	-
Arubanetworks	Aruba 3800 Firmware	< ka.16.04.0022
Arubanetworks	Aruba 3800	-
Arubanetworks	Aruba 2620 Firmware	< ra.16.04.0022
Arubanetworks	Aruba 2620	-

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory

FAQ

What is CVE-2021-25141?

CVE-2021-25141 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information...

How severe is CVE-2021-25141?

CVE-2021-25141 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25141?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Aruba 5406R Zl2 Firmware, Arubanetworks Aruba 5406R Zl2, Arubanetworks Aruba 5412R Zl2 Firmware, Arubanetworks Aruba 5412R Zl2, Arubanetworks Aruba 3810M Firmware.