CVE-2022-37934

MEDIUM

HPE OfficeConnect 1820 and 1850 Switch Series - Remote Path Traversal

Title source: llm

Description

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us

Scores

CVSS v3 6.8

EPSS 0.0056

EPSS Percentile 68.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (10)

hp/officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware < pt.02.17

hp/officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware < pt.02.17

hp/officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware < pt.02.17

hp/officeconnect_1820_8g_switch_j9979a_firmware < pt.02.17

hpe/officeconnect_1850_24g_2xgt_firmware < pc.01.23

hpe/officeconnect_1850_24g_2xgt_poe\+_firmware < pc.01.23

hpe/officeconnect_1850_2xgt\/spf\+_firmware < po.01.22

hpe/officeconnect_1850_48g_4xgt_firmware < pc.01.23

hpe/officeconnect_1850_48g_4xgt_poe\+_firmware < pc.01.23

hpe/officeconnect_1850_6xgt_firmware < pc.01.23

Published Jan 05, 2023

Tracked Since Feb 18, 2026