CVE-2022-37908

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-37908
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

5.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:15

Type Values Removed Values Added
References () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt - Vendor Advisory () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 5.8

07 Nov 2023, 03:49

Type Values Removed Values Added
Summary An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
Information

Published : 2022-12-12 13:15

Updated : 2024-11-21 07:15

NVD link : CVE-2022-37908

Mitre link : CVE-2022-37908

CVE.ORG link : CVE-2022-37908

JSON object : View

Products Affected

arubanetworks

  • 7005
  • 7220
  • 7210
  • 7010
  • 7024
  • 7280
  • 7240xm
  • 7205
  • arubaos
  • 7030
  • 7008
  • sd-wan
CWE
NVD-CWE-noinfo