CVE-2022-37888

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt	Mailing List Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

OR	cpe:2.3:h:arubanetworks:ap-655:-:::::::*
	cpe:2.3:h:arubanetworks:ap-635:-:::::::*
	cpe:2.3:h:arubanetworks:ap-555:-:::::::*
	cpe:2.3:h:arubanetworks:ap-534:-:::::::*
	cpe:2.3:h:arubanetworks:ap-535:-:::::::*
	cpe:2.3:h:arubanetworks:ap-514:-:::::::*
	cpe:2.3:h:arubanetworks:ap-515:-:::::::*
	cpe:2.3:h:arubanetworks:ap-504:-:::::::*
	cpe:2.3:h:arubanetworks:ap-505:-:::::::*
	cpe:2.3:h:arubanetworks:ap-370:-:::::::*
	cpe:2.3:h:arubanetworks:ap-340:-:::::::*
	cpe:2.3:h:arubanetworks:ap-334:-:::::::*
	cpe:2.3:h:arubanetworks:iap-334:-:::::::*
	cpe:2.3:h:arubanetworks:ap-318:-:::::::*
	cpe:2.3:h:arubanetworks:iap-318:-:::::::*
	cpe:2.3:h:arubanetworks:ap-324:-:::::::*
	cpe:2.3:h:arubanetworks:iap-324:-:::::::*
	cpe:2.3:h:arubanetworks:ap-325:-:::::::*
	cpe:2.3:h:arubanetworks:iap-325:-:::::::*
	cpe:2.3:h:arubanetworks:ap-314:-:::::::*
	cpe:2.3:h:arubanetworks:iap-314:-:::::::*
	cpe:2.3:h:arubanetworks:ap-315:-:::::::*
	cpe:2.3:h:arubanetworks:iap-315:-:::::::*
	cpe:2.3:h:arubanetworks:ap-303:-:::::::*
	cpe:2.3:h:arubanetworks:ap-304:-:::::::*
	cpe:2.3:h:arubanetworks:iap-304:-:::::::*
	cpe:2.3:h:arubanetworks:ap-305:-:::::::*
	cpe:2.3:h:arubanetworks:iap-305:-:::::::*
	cpe:2.3:h:arubanetworks:ap-224:-:::::::*
	cpe:2.3:h:arubanetworks:iap-224:-:::::::*
	cpe:2.3:h:arubanetworks:ap-225:-:::::::*
	cpe:2.3:h:arubanetworks:iap-225:-:::::::*
	cpe:2.3:h:arubanetworks:ap-214:-:::::::*
	cpe:2.3:h:arubanetworks:ap-215:-:::::::*
	cpe:2.3:h:arubanetworks:ap-207:-:::::::*
	cpe:2.3:h:arubanetworks:iap-207:-:::::::*
	cpe:2.3:h:arubanetworks:ap-204:-:::::::*
	cpe:2.3:h:arubanetworks:ap-205:-:::::::*
	cpe:2.3:h:arubanetworks:iap-204:-:::::::*
	cpe:2.3:h:arubanetworks:iap-205:-:::::::*
	cpe:2.3:h:arubanetworks:ap-130:-:::::::*
	cpe:2.3:h:arubanetworks:ap-135:-:::::::*
	cpe:2.3:h:arubanetworks:ap-120:-:::::::*
	cpe:2.3:h:arubanetworks:ap-121:-:::::::*
	cpe:2.3:h:arubanetworks:ap-114:-:::::::*
	cpe:2.3:h:arubanetworks:iap-114:-:::::::*
	cpe:2.3:h:arubanetworks:ap-115:-:::::::*
	cpe:2.3:h:arubanetworks:iap-115:-:::::::*
	cpe:2.3:h:arubanetworks:ap-103:-:::::::*
	cpe:2.3:h:arubanetworks:iap-103:-:::::::*
	cpe:2.3:h:arubanetworks:rap-109:-:::::::*
	cpe:2.3:h:arubanetworks:rap-108:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

Information

Published : 2022-10-06 11:16

Updated : 2022-12-12 13:25

NVD link : CVE-2022-37888

Mitre link : CVE-2022-37888

JSON object : View

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Products Affected

arubanetworks

ap-635
iap-224
ap-534
ap-370
iap-225
ap-130
ap-515
iap-314
iap-305
ap-655
ap-334
iap-318
ap-324
iap-103
ap-207
ap-340
iap-207
iap-325
iap-304
iap-114
iap-115
ap-214
ap-103
rap-108
ap-325
ap-114
arubaos
ap-318
ap-305
iap-315
ap-303
ap-120
ap-535
ap-314
ap-304
ap-555
ap-135
rap-109
iap-334
ap-204
ap-215
ap-205
ap-504
ap-121
instant
ap-505
iap-204
ap-315
ap-514
ap-225
iap-205
iap-324
ap-115
ap-224

siemens

scalance_w1750d_firmware
scalance_w1750d

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-120"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-37888", "ASSIGNER": "security-alert@hpe.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-10-06T18:16Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.10.0.2", "versionStartIncluding": "8.10.0.0"}, {"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.7.1.10", "versionStartIncluding": "8.7.0.0"}, {"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0"}, {"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.5.4.24", "versionStartIncluding": "6.5.0.0"}, {"cpe23Uri": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.4.4.8-4.2.4.21", "versionStartIncluding": "6.4.0.0"}, {"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.3.1.1", "versionStartIncluding": "10.3.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-534:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-535:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-514:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-515:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-504:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-505:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-370:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-340:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-334:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-334:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-318:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-318:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-324:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-324:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-325:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-325:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-315:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-315:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-303:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-304:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-304:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-305:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-305:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-224:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-224:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-225:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-225:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-214:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-215:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-207:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-207:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-204:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-205:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-204:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-205:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-135:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-121:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-114:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-114:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-115:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-115:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:ap-103:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:iap-103:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:rap-109:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arubanetworks:rap-108:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-12T21:25Z"}

9.8 /10