CVE-2020-7121

Published Sep 23, 2020

Last updated a year ago

CVSS high 7.5

Overview

Description: Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.
Source: security-alert@hpe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A77C7E5B-3EAB-4A52-99CF-D2C07B1EA823",
            "versionEndIncluding": "10.04.3021"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F5C8F4-D85F-42C9-96F7-CD91DAA94FF0",
            "versionEndIncluding": "10.04.3021"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4BC17A7-2155-4A01-837B-05992EABD0D1",
            "versionEndIncluding": "10.04.3021"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0123075E-D9A9-46F4-B857-A05ABBED38B5",
            "versionEndIncluding": "10.04.3021"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D88D164C-70ED-48F4-BF0D-595A27F81B12",
            "versionEndIncluding": "10.04.3021"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0504A5A3-A49A-4DEA-9B26-85CD6545932B",
            "versionEndIncluding": "10.04.3021"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References