CVE-2021-29148

Published Jul 22, 2021
Last updated 3 years ago
CVSS medium 6.1
Overview

Description: A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
Source: security-alert@hpe.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
