Lucene search

HpeCVE-2020-24637

HistoryDec 11, 2020 - 2:15 a.m.

CVE-2020-24637

2020-12-1102:15:11

hpe

web.nvd.nist.gov

arubaos

grub2

vulnerability

bypass

secureboot

remote compromise

system integrity

aruba 9000 gateway

aruba 7000 series mobility controllers

aruba 7200 series mobility controllers

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Affected configurations

Nvd

Node

arubanetworksarubaosRange<8.5.0.11

arubanetworksarubaosRange8.6.0.0–8.6.0.6

arubanetworksarubaosRange8.7.0.0–8.7.1.0

AND

arubanetworks7005Match-

arubanetworks7008Match-

arubanetworks7010Match-

arubanetworks7024Match-

arubanetworks7030Match-

arubanetworks7205Match-

arubanetworks7210Match-

arubanetworks7220Match-

arubanetworks7240xmMatch-

arubanetworks7280Match-

Node

arubanetworkssd-wanRange<2.1.0.2

arubanetworkssd-wanRange2.2.0.0–2.2.0.1

AND

arubanetworks9004Match-

arubanetworks9004-lteMatch-

arubanetworks9012Match-

VendorProductVersionCPE
arubanetworksarubaos*cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
arubanetworks7005-cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*
arubanetworks7008-cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*
arubanetworks7010-cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
arubanetworks7024-cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*
arubanetworks7030-cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
arubanetworks7205-cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
arubanetworks7210-cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
arubanetworks7220-cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
arubanetworks7240xm-cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	arubaos	*	cpe:2.3:o:arubanetworks:arubaos::::::::
arubanetworks	7005	-	cpe:2.3:h:arubanetworks:7005:-:::::::*
arubanetworks	7008	-	cpe:2.3:h:arubanetworks:7008:-:::::::*
arubanetworks	7010	-	cpe:2.3:h:arubanetworks:7010:-:::::::*
arubanetworks	7024	-	cpe:2.3:h:arubanetworks:7024:-:::::::*
arubanetworks	7030	-	cpe:2.3:h:arubanetworks:7030:-:::::::*
arubanetworks	7205	-	cpe:2.3:h:arubanetworks:7205:-:::::::*
arubanetworks	7210	-	cpe:2.3:h:arubanetworks:7210:-:::::::*
arubanetworks	7220	-	cpe:2.3:h:arubanetworks:7220:-:::::::*
arubanetworks	7240xm	-	cpe:2.3:h:arubanetworks:7240xm:-:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "product": "Aruba 9000 Gateway",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2.1.0.1"
      },
      {
        "status": "affected",
        "version": "2.2.0.0 and below"
      }
    ]
  },
  {
    "product": "Aruba 7000 Series Mobility Controllers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.4.23"
      },
      {
        "status": "affected",
        "version": "6.5.4.17"
      },
      {
        "status": "affected",
        "version": "8.2.2.9"
      },
      {
        "status": "affected",
        "version": "8.3.0.13"
      },
      {
        "status": "affected",
        "version": "8.5.0.10"
      },
      {
        "status": "affected",
        "version": "8.6.0.5"
      },
      {
        "status": "affected",
        "version": "8.7.0.0 and below"
      }
    ]
  },
  {
    "product": "Aruba 7200 Series Mobility Controllers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.4.23"
      },
      {
        "status": "affected",
        "version": "6.5.4.17"
      },
      {
        "status": "affected",
        "version": "8.2.2.9"
      },
      {
        "status": "affected",
        "version": "8.3.0.13"
      },
      {
        "status": "affected",
        "version": "8.5.0.10"
      },
      {
        "status": "affected",
        "version": "8.6.0.5"
      },
      {
        "status": "affected",
        "version": "8.7.0.0 and below"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVE-2020-24637