Path Traversal Vulnerabilities in Aruba CX Switch Series Products
CVE-2021-41002

8.1HIGH

Key Information:

Vendor: HP
Status: Aruba Cx 6200f Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba Cx 8360 Switch Series
Vendor: CVE Published:; 2 March 2022

Summary

Multiple authenticated remote path traversal vulnerabilities have been identified in the AOS-CX command line interface of various Aruba CX Switch Series. These vulnerabilities could allow an authenticated attacker to access files or commands stored outside the intended file directory. Affected versions include AOS-CX 10.06.xxxx through 10.06.0170, 10.07.xxxx through 10.07.0050, 10.08.xxxx through 10.08.1030, and 10.09.xxxx through 10.09.0002. Aruba Networks has released patches addressing these vulnerabilities, allowing users to secure their devices effectively.

Affected Version(s)

Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Sep 13, 2021