CVE-2022-37907

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
hpeCNA
5.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
arubanetworkssd-wan
8.7.0.0-2.3.0.0 ≤
𝑥
< 8.7.0.0-2.3.0.6
arubanetworksarubaos
6.5.4.0 ≤
𝑥
< 6.5.4.22
arubanetworksarubaos
8.4.0.0 ≤
𝑥
< 8.6.0.17
arubanetworksarubaos
8.7.0.0 ≤
𝑥
< 8.7.1.9
arubanetworksarubaos
8.8.0.0 ≤
𝑥
< 10.3.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt