{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-37908", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "dateReserved": "2022-08-08T18:45:22.552Z", "datePublished": "2022-11-03T19:29:32.777Z", "dateUpdated": "2024-08-03T10:37:42.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "unaffected", "version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.</p>"}], "value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2022-12-12T12:11:04.548862Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "cveClient/1.0.13"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:37:42.105Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB", "versionEndExcluding": "8.7.0.0-2.3.0.6", "versionStartIncluding": "8.7.0.0-2.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7", "versionEndExcluding": "6.5.4.22", "versionStartIncluding": "6.5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97", "versionEndExcluding": "8.6.0.17", "versionStartIncluding": "8.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD", "versionEndExcluding": "8.7.1.9", "versionStartIncluding": "8.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633", "versionEndExcluding": "10.3.0.1", "versionStartIncluding": "8.8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\n\n"}, {"lang": "es", "value": "Un atacante autenticado puede afectar la integridad del gestor de arranque de ArubaOS en los controladores de la serie 7xxx. Una explotaci\u00f3n exitosa puede comprometer la cadena de confianza del hardware en el controlador afectado."}], "id": "CVE-2022-37908", "lastModified": "2024-11-21T07:15:21.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-12T13:15:13.187", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}