Lucene search

[email protected]CVE-2021-25161

HistoryMar 30, 2021 - 2:15 a.m.

CVE-2021-25161

2021-03-3002:15:16

CWE-79

[email protected]

web.nvd.nist.gov

104

cve-2021-25161

aruba

instant access point

iap

remote

cross-site scripting

xss

security vulnerability

patch

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.2%

JSON

A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Affected configurations

NVD

Node

arubanetworksinstantRange6.4.0.0–6.4.4.8-4.2.4.18

arubanetworksinstantRange6.5.0.0–6.5.4.19

arubanetworksinstantRange8.3.0.0–8.3.0.15

arubanetworksinstantRange8.5.0.0–8.5.0.12

arubanetworksinstantRange8.6.0.0–8.6.0.8

arubanetworksinstantRange8.7.0.0–8.7.1.2

Node

siemensscalance_w1750d_firmwareRange8.7.0–8.7.1.3

AND

siemensscalance_w1750dMatch-

CPENameOperatorVersion
arubanetworks:instantarubanetworks instantle6.4.4.8-4.2.4.18
arubanetworks:instantarubanetworks instantlt6.5.4.19
arubanetworks:instantarubanetworks instantlt8.3.0.15
arubanetworks:instantarubanetworks instantlt8.5.0.12
arubanetworks:instantarubanetworks instantlt8.6.0.8
arubanetworks:instantarubanetworks instantlt8.7.1.2

CPE	Name	Operator	Version
arubanetworks:instant	arubanetworks instant	le	6.4.4.8-4.2.4.18
arubanetworks:instant	arubanetworks instant	lt	6.5.4.19
arubanetworks:instant	arubanetworks instant	lt	8.3.0.15
arubanetworks:instant	arubanetworks instant	lt	8.5.0.12
arubanetworks:instant	arubanetworks instant	lt	8.6.0.8
arubanetworks:instant	arubanetworks instant	lt	8.7.1.2

CNA Affected

[
  {
    "product": "Aruba Instant Access Points",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 6.5.x: 6.5.4.18 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.3.x: 8.3.0.14 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.5.x: 8.5.0.11 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.6.x: 8.6.0.7 and below"
      },
      {
        "status": "affected",
        "version": "Aruba Instant 8.7.x: 8.7.1.1 and below"
      }
    ]
  }
]

References

packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html

cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf

www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2021-25161

nessus1 prion1 nvd1 cvelist1 packetstorm1 zdt1 ics1