CVE-2019-5317

Published Mar 29, 2021

Last updated 2 years ago

CVSS medium 6.8

Overview

Description: A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Source: security-alert@hpe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60DB6954-B71C-4473-A746-7D8D588360A4",
            "versionEndIncluding": "6.4.4.8-4.2.4.18",
            "versionStartIncluding": "6.4.0.0"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80421624-CABE-45F8-9B05-2F7B2DCC36E0",
            "versionEndExcluding": "6.5.4.16",
            "versionStartIncluding": "6.5.0.0"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7204DFE4-A95D-4D06-8435-C01A3DB4E9BA",
            "versionEndExcluding": "8.3.0.12",
            "versionStartIncluding": "8.3.0.0"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "510D1437-FE00-4B6C-8561-07EDC058EE92",
            "versionEndExcluding": "8.4.0.6",
            "versionStartIncluding": "8.4.0.0"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962",
            "versionEndExcluding": "8.5.0.7",
            "versionStartIncluding": "8.5.0.0"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E",
            "versionEndExcluding": "8.6.0.3",
            "versionStartIncluding": "8.6.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8",
            "versionEndExcluding": "8.7.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References