CVE-2022-37908

MEDIUM

Arubanetworks Sd-wan - Download Without Integrity Check

Title source: rule

Description

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

References (1)

[Vendor Advisory] https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Scores

CVSS v3 5.8

EPSS 0.0009

EPSS Percentile 25.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-494

Status published

Products (2)

arubanetworks/arubaos 6.5.4.0 - 6.5.4.22

arubanetworks/sd-wan 8.7.0.0-2.3.0.0 - 8.7.0.0-2.3.0.6

Published Dec 12, 2022

Tracked Since Feb 18, 2026