Unrated severityNVD Advisory· Published Oct 6, 2022· Updated Aug 3, 2024

CVE-2022-37888

Description

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Affected products

Aruba Networks/InstantOS and ArubaOS 10description
Arubanetworks/Aruba InstantOSllm-fuzzy
Range: 6.4.4.8-4.2.4.20 and below; 6.5.4.23 and below; 8.6.0.18 and below; 8.7.1.9 and below; 8.10.0.1 and below
Arubanetworks/ArubaOS-CXllm-fuzzy
Range: <=10.3.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000