CVE-2020-24637
HIGHArubaOS < 8.5.0.11 and SD-WAN < 2.1.0.2 - Secure Boot Bypass via GRUB2 Implementation
Title source: llmDescription
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us
Scores
CVSS v3
7.2
EPSS
0.0052
EPSS Percentile
67.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
arubanetworks/arubaos
< 8.5.0.11
arubanetworks/sd-wan
< 2.1.0.2
Published
Dec 11, 2020
Tracked Since
Feb 18, 2026