CVE-2022-37934 — MEDIUM (6.8)

Q: How severe is CVE-2022-37934?

CVE-2022-37934 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-37934?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A Firmware, Hp Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A, Hp Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A Firmware, Hp Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A, Hp Officeconnect 1820 8G Poe\+ \(65W\) Switch J9982A Firmware.

Vulnerability Description

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hp	Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A Firmware	< pt.02.17
Hp	Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A	-
Hp	Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A Firmware	< pt.02.17
Hp	Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A	-
Hp	Officeconnect 1820 8G Poe\+ \(65W\) Switch J9982A Firmware	< pt.02.17
Hp	Officeconnect 1820 8G Poe\+ \(65W\) Switch J9982A	-
Hp	Officeconnect 1820 8G Switch J9979A Firmware	< pt.02.17
Hp	Officeconnect 1820 8G Switch J9979A	-
Hpe	Officeconnect 1850 24G 2Xgt Firmware	< pc.01.23
Hpe	Officeconnect 1850 24G 2Xgt	-
Hpe	Officeconnect 1850 24G 2Xgt Poe\+ Firmware	< pc.01.23
Hpe	Officeconnect 1850 24G 2Xgt Poe\+	-
Hpe	Officeconnect 1850 2Xgt\/Spf\+ Firmware	< po.01.22
Hpe	Officeconnect 1850 2Xgt\/Spf\+	-
Hpe	Officeconnect 1850 48G 4Xgt Firmware	< pc.01.23
Hpe	Officeconnect 1850 48G 4Xgt	-
Hpe	Officeconnect 1850 48G 4Xgt Poe\+ Firmware	< pc.01.23
Hpe	Officeconnect 1850 48G 4Xgt Poe\+	-
Hpe	Officeconnect 1850 6Xgt Firmware	< pc.01.23
Hpe	Officeconnect 1850 6Xgt	-

Related Weaknesses (CWE)

CWE-22

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory

FAQ

What is CVE-2022-37934?

CVE-2022-37934 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE Offic...

How severe is CVE-2022-37934?

CVE-2022-37934 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37934?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A Firmware, Hp Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A, Hp Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A Firmware, Hp Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A, Hp Officeconnect 1820 8G Poe\+ \(65W\) Switch J9982A Firmware.