Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHpeCVE-2020-24636
HistoryMar 29, 2021 - 8:15 p.m.

CVE-2020-24636

2021-03-2920:15:12
CWE-78
hpe
web.nvd.nist.gov
41
4
cve
2020
24636
aruba
instant
access point
iap
remote execution
arbitrary commands
vulnerability
security
patch

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.014

Percentile

86.7%

JSON

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Affected configurations

Nvd
Node
arubanetworksinstantRange6.5.0.06.5.4.18
OR
arubanetworksinstantRange8.3.0.08.3.0.14
OR
arubanetworksinstantRange8.5.0.08.5.0.11
OR
arubanetworksinstantRange8.6.0.08.6.0.6
OR
arubanetworksinstantRange8.7.0.08.7.1.0
Node
siemensscalance_w1750d_firmwareRange8.7.08.7.1.3
AND
siemensscalance_w1750dMatch-
VendorProductVersionCPE
arubanetworksinstant*cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
siemensscalance_w1750d_firmware*cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
siemensscalance_w1750d-cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Aruba Instant Access Points",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba Instant 6.5.x: 6.5.4.17 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.3.x: 8.3.0.13 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.5.x: 8.5.0.10 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.6.x: 8.6.0.5 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.7.x: 8.7.0.0 and below"
      }
    ]
  }
]

Social References

More

Related

prion 1
nvd 1
cvelist 1
nessus 1
ics 1
prion
prion
Design/Logic Flaw
2021-03-29 20:15:00
nvd
nvd
CVE-2020-24636
2021-03-29 20:15:12
cvelist
cvelist
CVE-2020-24636
2021-03-29 19:08:15
nessus
nessus
Siemens SCALANCE W1750D Command Injection (CVE-2020-24636)
2023-04-11 00:00:00
ics
ics
Siemens SCALANCE W1750D (Update B)
2021-10-14 12:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.014

Percentile

86.7%

JSON
Related for CVE-2020-24636
prion1nvd1cvelist1nessus1ics1