Vulnerability Description
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Sd-Wan | >= 8.7.0.0-2.3.0.0, < 8.7.0.0-2.3.0.6 |
| Arubanetworks | Arubaos | >= 6.5.4.0, < 6.5.4.22 |
| Arubanetworks | 7005 | - |
| Arubanetworks | 7008 | - |
| Arubanetworks | 7010 | - |
| Arubanetworks | 7024 | - |
| Arubanetworks | 7030 | - |
| Arubanetworks | 7205 | - |
| Arubanetworks | 7210 | - |
| Arubanetworks | 7220 | - |
| Arubanetworks | 7240Xm | - |
| Arubanetworks | 7280 | - |
Related Weaknesses (CWE)
References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txtVendor Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txtVendor Advisory
FAQ
What is CVE-2022-37904?
CVE-2022-37904 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achie...
How severe is CVE-2022-37904?
CVE-2022-37904 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37904?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Sd-Wan, Arubanetworks Arubaos, Arubanetworks 7005, Arubanetworks 7008, Arubanetworks 7010.