CVE-2020-24637: Buffer Overflow

First published: Fri Dec 11 2020(Updated: )

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Credit: security-alert@hpe.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/author
• agent/references
• agent/last-modified-date
• agent/weakness
• agent/severity
• agent/first-publish-date
• agent/event
• agent/description
• agent/source
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• vendor/arubanetworks
• canonical/arubanetworks arubaos
• version/arubanetworks arubaos/8.6.0.0
• version/arubanetworks arubaos/8.7.0.0
• canonical/aruba networks 7005
• canonical/aruba networks 7008
• canonical/aruba 7010
• canonical/aruba networks 7024
• canonical/aruba networks 7030
• canonical/aruba networks 7205
• canonical/aruba networks 7210
• canonical/aruba networks 7220
• canonical/aruba networks 7240xm
• canonical/aruba networks 7280
• canonical/aruba networks sd-wan
• version/aruba networks sd-wan/2.2.0.0
• canonical/aruba networks 9004
• canonical/arubanetworks 9004-lte
• canonical/aruba networks 9012