CVE-2022-37903

EUVD-2022-40510
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
hpeCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
arubanetworkssd-wan
8.7.0.0-2.3.0.0 ≤
𝑥
< 8.7.0.0-2.3.0.7
arubanetworksarubaos
6.5.4.0 ≤
𝑥
< 6.5.4.23
arubanetworksarubaos
8.4.0.0 ≤
𝑥
< 8.6.0.18
arubanetworksarubaos
8.7.0.0 ≤
𝑥
< 8.7.1.10
arubanetworksarubaos
8.8.0.0 ≤
𝑥
≤ 8.9.0.3
arubanetworksarubaos
10.3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt