Vulnerability-Lookup

CVE-2021-37721 (GCVE-0-2021-37721)

Vulnerability from cvelistv5 – Published: 2021-09-07 12:35 – Updated: 2024-08-04 01:23

Summary

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Severity ?

No CVSS data available.

CWE

remote arbitrary command execution

Assigner

hpe

References

URL

Tags

	https://www.arubanetworks.com/assets/alert/ARUBA-…	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Aruba SD-WAN Software and Gateways; Aruba Operating System Software	Affected: Prior to 8.6.0.4-2.2.0.4 Affected: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:23:01.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.6.0.4-2.2.0.4"
            },
            {
              "status": "affected",
              "version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote arbitrary command execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T11:06:13.000Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-37721",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.6.0.4-2.2.0.4"
                          },
                          {
                            "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote arbitrary command execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-37721",
    "datePublished": "2021-09-07T12:35:27.000Z",
    "dateReserved": "2021-07-29T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:23:01.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2021-37721

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-37721

Aliases

CVE-2021-37721

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-37721",
    "description": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.",
    "id": "GSD-2021-37721"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-37721"
      ],
      "details": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.",
      "id": "GSD-2021-37721",
      "modified": "2023-12-13T01:23:09.709592Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "ID": "CVE-2021-37721",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Prior to 8.6.0.4-2.2.0.4"
                        },
                        {
                          "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "remote arbitrary command execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
            "refsource": "MISC",
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.0.4",
                "versionStartIncluding": "2.2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.4.25",
                "versionStartIncluding": "6.4.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.5.4.20",
                "versionStartIncluding": "6.5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3.0.16",
                "versionStartIncluding": "8.3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.5.0.13",
                "versionStartIncluding": "8.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.6.0.9",
                "versionStartIncluding": "8.6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.7.1.4",
                "versionStartIncluding": "8.7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-37721"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-22T18:49Z",
      "publishedDate": "2021-09-07T13:15Z"
    }
  }
}

CERTFR-2021-AVI-774

Vulnerability from certfr_avis - Published: 2021-10-12 - Updated: 2021-10-12

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE W1750D
Siemens	N/A	SINUMERIK 828D
Siemens	N/A	SIMATIC Process Historian 2014
Siemens	N/A	SIMATIC Process Historian 2013 and earlier
Siemens	N/A	RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 versions antérieures à 2.14.1
Siemens	N/A	SINEC NMS versions antérieures à V1.0 SP2 Update 1
Siemens	N/A	SIMATIC Process Historian 2020
Siemens	N/A	SIMATIC Process Historian 2019
Siemens	N/A	SINUMERIK 808D

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-163251 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-766247 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-173565 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-280624 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-178380 du 12 octobre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE W1750D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 828D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2014",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2013 and earlier",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 versions ant\u00e9rieures \u00e0 2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2020",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 808D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-33724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33724"
    },
    {
      "name": "CVE-2021-33736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33736"
    },
    {
      "name": "CVE-2021-37721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37721"
    },
    {
      "name": "CVE-2021-37723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37723"
    },
    {
      "name": "CVE-2021-33732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33732"
    },
    {
      "name": "CVE-2021-33725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33725"
    },
    {
      "name": "CVE-2021-37728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37728"
    },
    {
      "name": "CVE-2021-37731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37731"
    },
    {
      "name": "CVE-2021-37724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37724"
    },
    {
      "name": "CVE-2021-37199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37199"
    },
    {
      "name": "CVE-2021-33729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33729"
    },
    {
      "name": "CVE-2021-33728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33728"
    },
    {
      "name": "CVE-2021-37722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37722"
    },
    {
      "name": "CVE-2021-37720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37720"
    },
    {
      "name": "CVE-2021-33722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33722"
    },
    {
      "name": "CVE-2021-33734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33734"
    },
    {
      "name": "CVE-2019-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5318"
    },
    {
      "name": "CVE-2021-33730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33730"
    },
    {
      "name": "CVE-2020-37719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-37719"
    },
    {
      "name": "CVE-2021-27395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27395"
    },
    {
      "name": "CVE-2021-37718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37718"
    },
    {
      "name": "CVE-2021-33735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33735"
    },
    {
      "name": "CVE-2021-33733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33733"
    },
    {
      "name": "CVE-2021-33731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33731"
    },
    {
      "name": "CVE-2021-33727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33727"
    },
    {
      "name": "CVE-2021-33723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33723"
    },
    {
      "name": "CVE-2021-37725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37725"
    },
    {
      "name": "CVE-2021-37729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37729"
    },
    {
      "name": "CVE-2021-37717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37717"
    },
    {
      "name": "CVE-2021-37733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37733"
    },
    {
      "name": "CVE-2021-33726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33726"
    },
    {
      "name": "CVE-2021-37716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37716"
    },
    {
      "name": "CVE-2021-41546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41546"
    }
  ],
  "initial_release_date": "2021-10-12T00:00:00",
  "last_revision_date": "2021-10-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-774",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-163251 du 12 octobre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-766247 du 12 octobre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173565 du 12 octobre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-280624 du 12 octobre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-178380 du 12 octobre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"
    }
  ]
}

CERTFR-2021-AVI-668

Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01

De multiples vulnérabilités ont été découvertes dans les produits Aruba. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	ArubaOS versions 8.3.x.x antérieures à 8.3.0.16
N/A	N/A	SD-WAN-2.3.x.x versions antérieures à 8.7.0.0-2.3.0.0
N/A	N/A	ArubaOS versions 8.8.x.x antérieures à 8.8.0.1
N/A	N/A	SD-WAN-2.2.x.x versions antérieures à 8.6.0.4-2.2.0.6
N/A	N/A	ArubaOS versions 8.5.x.x antérieures à 8.5.0.13
N/A	N/A	ArubaOS versions 8.6.x.x antérieures à 8.6.0.11
N/A	N/A	ArubaOS versions 6.5.x.x antérieures à 6.5.4.20
N/A	N/A	ArubaOS versions 6.4.x.x antérieures à 6.4.4.25
N/A	N/A	ArubaOS versions 8.7.x.x antérieures à 8.7.1.4

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba ARUBA-PSA-2021-016 du 31 août 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ArubaOS versions 8.3.x.x ant\u00e9rieures \u00e0 8.3.0.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SD-WAN-2.3.x.x versions ant\u00e9rieures \u00e0 8.7.0.0-2.3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 8.8.x.x ant\u00e9rieures \u00e0 8.8.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SD-WAN-2.2.x.x versions ant\u00e9rieures \u00e0 8.6.0.4-2.2.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 8.5.x.x ant\u00e9rieures \u00e0 8.5.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 8.6.x.x ant\u00e9rieures \u00e0 8.6.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 6.5.x.x ant\u00e9rieures \u00e0 6.5.4.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 6.4.x.x ant\u00e9rieures \u00e0 6.4.4.25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 8.7.x.x ant\u00e9rieures \u00e0 8.7.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-37721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37721"
    },
    {
      "name": "CVE-2021-37723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37723"
    },
    {
      "name": "CVE-2021-37728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37728"
    },
    {
      "name": "CVE-2021-37731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37731"
    },
    {
      "name": "CVE-2021-37724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37724"
    },
    {
      "name": "CVE-2021-37722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37722"
    },
    {
      "name": "CVE-2021-37720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37720"
    },
    {
      "name": "CVE-2019-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5318"
    },
    {
      "name": "CVE-2020-37719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-37719"
    },
    {
      "name": "CVE-2021-37718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37718"
    },
    {
      "name": "CVE-2021-37719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37719"
    },
    {
      "name": "CVE-2021-37725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37725"
    },
    {
      "name": "CVE-2021-37729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37729"
    },
    {
      "name": "CVE-2021-37717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37717"
    },
    {
      "name": "CVE-2021-37733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37733"
    },
    {
      "name": "CVE-2021-37716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37716"
    }
  ],
  "initial_release_date": "2021-09-01T00:00:00",
  "last_revision_date": "2021-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-668",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Aruba.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Aruba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2021-016 du 31 ao\u00fbt 2021",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
    }
  ]
}

CNVD-2021-71258

Vulnerability from cnvd - Published: 2021-09-15

Title

Aruba Networks ArubaOS操作系统命令注入漏洞（CNVD-2021-71258）

Description

Aruba Networks ArubaOS是美国安移通网络（Aruba Networks）公司的一套面向Aruba Mobility-Defined Networks（包括移动控制器和移动接入交换机）的操作系统。 Aruba Networks ArubaOS存在命令注入漏洞，在 Aruba SD-WAN 软件和网关中发现远程任意命令执行漏洞。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Aruba Networks ArubaOS操作系统命令注入漏洞（CNVD-2021-71258）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://github.com/tuxera/ntfs-3g

Reference

https://www.cybersecurity-help.cz/vdb/SB2021090214

Impacted products

Name
Aruba Networks ArubaOS 8.x<8.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37721"
    }
  },
  "description": "Aruba Networks ArubaOS\u662f\u7f8e\u56fd\u5b89\u79fb\u901a\u7f51\u7edc\uff08Aruba Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411Aruba Mobility-Defined Networks\uff08\u5305\u62ec\u79fb\u52a8\u63a7\u5236\u5668\u548c\u79fb\u52a8\u63a5\u5165\u4ea4\u6362\u673a\uff09\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nAruba Networks ArubaOS\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5728 Aruba SD-WAN \u8f6f\u4ef6\u548c\u7f51\u5173\u4e2d\u53d1\u73b0\u8fdc\u7a0b\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://github.com/tuxera/ntfs-3g",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-71258",
  "openTime": "2021-09-15",
  "patchDescription": "Aruba Networks ArubaOS\u662f\u7f8e\u56fd\u5b89\u79fb\u901a\u7f51\u7edc\uff08Aruba Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411Aruba Mobility-Defined Networks\uff08\u5305\u62ec\u79fb\u52a8\u63a7\u5236\u5668\u548c\u79fb\u52a8\u63a5\u5165\u4ea4\u6362\u673a\uff09\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nAruba Networks ArubaOS\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5728 Aruba SD-WAN \u8f6f\u4ef6\u548c\u7f51\u5173\u4e2d\u53d1\u73b0\u8fdc\u7a0b\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Aruba Networks ArubaOS\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2021-71258\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Aruba Networks ArubaOS 8.x\u003c8.2"
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2021090214",
  "serverity": "\u9ad8",
  "submitTime": "2021-09-07",
  "title": "Aruba Networks ArubaOS\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2021-71258\uff09"
}

FKIE_CVE-2021-37721

Vulnerability from fkie_nvd - Published: 2021-09-07 13:15 - Updated: 2024-11-21 06:15

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-alert@hpe.com	https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf	Mitigation, Third Party Advisory
security-alert@hpe.com	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
arubanetworks	sd-wan	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
arubanetworks	arubaos	*
siemens	scalance_w1750d_firmware	-
siemens	scalance_w1750d	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
              "versionEndExcluding": "2.2.0.4",
              "versionStartIncluding": "2.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE",
              "versionEndExcluding": "6.4.4.25",
              "versionStartIncluding": "6.4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5",
              "versionEndExcluding": "6.5.4.20",
              "versionStartIncluding": "6.5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
              "versionEndExcluding": "8.3.0.16",
              "versionStartIncluding": "8.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A",
              "versionEndExcluding": "8.5.0.13",
              "versionStartIncluding": "8.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28",
              "versionEndExcluding": "8.6.0.9",
              "versionStartIncluding": "8.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
              "versionEndExcluding": "8.7.1.4",
              "versionStartIncluding": "8.7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-37721",
  "lastModified": "2024-11-21T06:15:48.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-07T13:15:07.773",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QX8P-M7P2-H44C

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-37721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-07T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.",
  "id": "GHSA-qx8p-m7p2-h44c",
  "modified": "2022-05-24T19:13:13Z",
  "published": "2022-05-24T19:13:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37721"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-37721 (GCVE-0-2021-37721)

GSD-2021-37721

CERTFR-2021-AVI-774

Solution

CERTFR-2021-AVI-668

Solution

CNVD-2021-71258

FKIE_CVE-2021-37721

GHSA-QX8P-M7P2-H44C

Tags

Sightings

Nomenclature