CVE-2022-37932

HIGH EXPLOITED NUCLEI

HPE Officeconnect 1820 J9979a Firmware - Authentication Bypass

Title source: rule

Description

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

Exploits (1)

nomisec WRITEUP

by Tim-Hoekstra · remote

https://github.com/Tim-Hoekstra/CVE-2022-37932

View Code ZIP pw:eip

Nuclei Templates (1)

HP Switch - Authentication Bypass

HIGHVERIFIEDby Phulelouch

Shodan: html:"HPE OfficeConnect"

References (1)

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_us

Scores

CVSS v3 8.8

EPSS 0.6973

EPSS Percentile 98.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-09-25

Status published

Products (19)

hpe/officeconnect_1820_j9979a_firmware < pt.02.14

hpe/officeconnect_1820_j9980a_firmware < pt.02.14

hpe/officeconnect_1820_j9981a_firmware < pt.02.14

hpe/officeconnect_1820_j9982a_firmware < pt.02.14

hpe/officeconnect_1820_j9983a_firmware < pt.02.14

hpe/officeconnect_1820_j9984a_firmware < pt.02.14

hpe/officeconnect_1850_24g_2xgt_firmware < pc.01.22

hpe/officeconnect_1850_24g_2xgt_poe\+_firmware < pc.01.22

hpe/officeconnect_1850_2xgt\/spf\+_firmware < po.01.21

hpe/officeconnect_1850_48g_4xgt_firmware < pc.01.22

... and 9 more

Published Dec 12, 2022

Tracked Since Feb 18, 2026