CVE-2022-37891

CRITICAL

Arubanetworks Arubaos < 10.3.1.1 - Buffer Overflow

Title source: rule

Description

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

References (2)

Core 2

Core References

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt

Scores

CVSS v3 9.8

EPSS 0.0302

EPSS Percentile 86.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (3)

arubanetworks/arubaos 10.3.0.0 - 10.3.1.1

arubanetworks/instant 6.4.0.0 - 6.4.4.8-4.2.4.21

siemens/scalance_w1750d_firmware

Published Oct 07, 2022

Tracked Since Feb 18, 2026