CVE-2021-29148: XSS
First published: Thu Jul 22 2021(Updated: )
A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aruba Networks AOS-CX | >=10.04.000<10.04.3070 | |
| Aruba Networks AOS-CX | >=10.05.0000<10.05.0070 | |
| Aruba Networks AOS-CX | >=10.06.0000<=10.06.0110 | |
| Aruba Networks AOS-CX | >=10.07.0000<=10.07.0001 | |
| Aruba CX 6200F | ||
| Aruba Networks CX 6300 | ||
| Aruba Networks CX 6400 | ||
| Aruba CX 8320 | ||
| Aruba Networks CX 8325 Firmware | ||
| Aruba CX 8360 | ||
| Aruba Networks CX 8400 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-29148?
CVE-2021-29148 is classified as a local cross-site scripting (XSS) vulnerability.
How do I fix CVE-2021-29148?
To remediate CVE-2021-29148, update the affected Aruba AOS-CX firmware to a patched version beyond 10.04.xxxx, 10.05.xxxx, 10.06.xxxx, or 10.07.xxxx.
Which devices are affected by CVE-2021-29148?
CVE-2021-29148 affects Aruba CX 6200F, 6300, 6400, 8320, 8325, 8400, and 8360 Switch Series running specific vulnerable firmware versions.
What versions of Aruba AOS-CX are vulnerable to CVE-2021-29148?
Vulnerable versions of Aruba AOS-CX firmware include 10.04.xxxx, 10.05.xxxx, 10.06.xxxx, and 10.07.xxxx.
Is there a known exploit for CVE-2021-29148?
While the details of an exploit are not specified, the local XSS nature of CVE-2021-29148 suggests potential for exploitation in local network scenarios.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/arubanetworks
- canonical/aruba networks aos-cx
- version/aruba networks aos-cx/10.04.000
- version/aruba networks aos-cx/10.05.0000
- version/aruba networks aos-cx/10.06.0000
- version/aruba networks aos-cx/10.06.0110
- version/aruba networks aos-cx/10.07.0000
- version/aruba networks aos-cx/10.07.0001
- canonical/aruba cx 6200f
- canonical/aruba networks cx 6300
- canonical/aruba networks cx 6400
- canonical/aruba cx 8320
- canonical/aruba networks cx 8325 firmware
- canonical/aruba cx 8360
- canonical/aruba networks cx 8400