CVE-2020-7121

EUVD-2020-28255
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
arubanetworkscx_6200f_firmware
𝑥
≤ 10.04.3021
arubanetworkscx_6300_firmware
𝑥
≤ 10.04.3021
arubanetworkscx_6400_firmware
𝑥
≤ 10.04.3021
arubanetworkscx_8320_firmware
𝑥
≤ 10.04.3021
arubanetworkscx_8325_firmware
𝑥
≤ 10.04.3021
arubanetworkscx_8400_firmware
𝑥
≤ 10.04.3021
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt