CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
22.7%
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
Vendor | Product | Version | CPE |
---|---|---|---|
arubanetworks | sd-wan | * | cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:* |
arubanetworks | arubaos | * | cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* |
arubanetworks | 7005 | - | cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:* |
arubanetworks | 7008 | - | cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:* |
arubanetworks | 7010 | - | cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:* |
arubanetworks | 7024 | - | cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:* |
arubanetworks | 7030 | - | cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:* |
arubanetworks | 7205 | - | cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:* |
arubanetworks | 7210 | - | cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:* |
arubanetworks | 7220 | - | cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
]