CVE-2022-37903

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
hpeCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
arubanetworkssd-wan
8.7.0.0-2.3.0.0 ≤
𝑥
< 8.7.0.0-2.3.0.7
arubanetworksarubaos
6.5.4.0 ≤
𝑥
< 6.5.4.23
arubanetworksarubaos
8.4.0.0 ≤
𝑥
< 8.6.0.18
arubanetworksarubaos
8.7.0.0 ≤
𝑥
< 8.7.1.10
arubanetworksarubaos
8.8.0.0 ≤
𝑥
≤ 8.9.0.3
arubanetworksarubaos
10.3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt