Vulnerability Description
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Sd-Wan | >= 8.7.0.0-2.3.0.0, < 8.7.0.0-2.3.0.6 |
| Arubanetworks | Arubaos | >= 6.5.4.0, < 6.5.4.22 |
| Arubanetworks | 7005 | - |
| Arubanetworks | 7008 | - |
| Arubanetworks | 7010 | - |
| Arubanetworks | 7024 | - |
| Arubanetworks | 7030 | - |
| Arubanetworks | 7205 | - |
| Arubanetworks | 7210 | - |
| Arubanetworks | 7220 | - |
| Arubanetworks | 7240Xm | - |
| Arubanetworks | 7280 | - |
Related Weaknesses (CWE)
References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txtVendor Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txtVendor Advisory
FAQ
What is CVE-2022-37908?
CVE-2022-37908 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. ...
How severe is CVE-2022-37908?
CVE-2022-37908 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37908?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Sd-Wan, Arubanetworks Arubaos, Arubanetworks 7005, Arubanetworks 7008, Arubanetworks 7010.