CVE-2021-25155
First published: Tue Mar 30 2021(Updated: )
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Instant | >=6.4.0.0<=6.4.4.8-4.2.4.18 | |
| Arubanetworks Instant | >=6.5.0.0<6.5.4.19 | |
| Arubanetworks Instant | >=8.3.0.0<8.3.0.15 | |
| Arubanetworks Instant | >=8.5.0.0<8.5.0.12 | |
| Arubanetworks Instant | >=8.6.0.0<8.6.0.7 | |
| Arubanetworks Instant | >=8.7.0.0<8.7.1.1 | |
| Siemens Scalance W1750d Firmware | >=8.7.0<8.7.1.3 | |
| Siemens SCALANCE W1750D |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-25155.
What is the severity level of CVE-2021-25155?
The severity level of CVE-2021-25155 is high with a severity value of 6.5.
Which Aruba Instant Access Point products are affected by CVE-2021-25155?
The Aruba Instant Access Point products affected by CVE-2021-25155 are Aruba Instant 6.4.x, Aruba Instant 6.5.x, Aruba Instant 8.3.x, and Aruba Instant 8.5.x.
How can the vulnerability be exploited?
The vulnerability can be exploited remotely to perform arbitrary file modifications.
Are there any patches or updates available to fix CVE-2021-25155?
Yes, patches and updates are available to fix CVE-2021-25155. It is recommended to update to the latest version of the affected software.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/arubanetworks
- canonical/arubanetworks instant
- version/arubanetworks instant/6.4.0.0
- version/arubanetworks instant/6.4.4.8-4.2.4.18
- version/arubanetworks instant/6.5.0.0
- version/arubanetworks instant/8.3.0.0
- version/arubanetworks instant/8.5.0.0
- version/arubanetworks instant/8.6.0.0
- version/arubanetworks instant/8.7.0.0
- vendor/siemens
- canonical/siemens scalance w1750d firmware
- version/siemens scalance w1750d firmware/8.7.0
- canonical/siemens scalance w1750d