CVE-2021-29149

Published Jul 22, 2021
Last updated 2 years ago
CVSS medium 6.2
Overview

Description: A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
Source: security-alert@hpe.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.2
Impact score: 5.9
Exploitability score: 0.3
Vector string: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8360:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9440291-26BB-4BBD-84BA-B347484839F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B1F32A-5105-4EBE-B109-00614703FB17",
            "versionEndExcluding": "10.04.3070",
            "versionStartIncluding": "10.04.000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1CD3AAE-04C8-4032-BB8E-3F4651793A1C",
            "versionEndExcluding": "10.05.0070",
            "versionStartIncluding": "10.05.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B1D827-1B60-4B35-B178-EFD9B3C9E13C",
            "versionEndIncluding": "10.06.0110",
            "versionStartIncluding": "10.06.0000"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5713C22-E3AB-415E-B7B8-1FB4B008AA65",
            "versionEndIncluding": "10.07.0001",
            "versionStartIncluding": "10.07.0000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
