What is CVE-2021-37731?

CVE-2021-37731 is a local path traversal vulnerability discovered in Aruba SD-WAN Software and Gateways and Aruba Operating System Software versions prior to 8.6.0.0-2.2.0.4, 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16.

How severe is CVE-2021-37731?

CVE-2021-37731 has a severity rating of 6.2 (High).

What software is affected by CVE-2021-37731?

Aruba SD-WAN Software and Gateways and ArubaOS versions prior to 8.6.0.0-2.2.0.4, 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16 are affected by CVE-2021-37731.

How can I fix or patch CVE-2021-37731?

Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address the vulnerability. Please refer to the Aruba advisory for specific patching instructions.

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-37731?

CVE-2021-37731 is associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

Vulnerability/
CVE-2021-37731

high

7.2

CWE

7/9/2021

26/11/2021

CVE-2021-37731: Path Traversal

First published: Tue Sep 07 2021(Updated: )

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
Arubanetworks Sd-wan	>=2.2.0.0<2.2.0.4
Arubanetworks Arubaos	>=8.3.0.0<8.3.0.15
Arubanetworks Arubaos	>=8.5.0.0<8.5.0.12
Arubanetworks Arubaos	>=8.6.0.0<8.6.0.8
Arubanetworks Arubaos	>=8.7.0.0<8.7.1.2
Arubanetworks 7005
Arubanetworks 7008
Arubanetworks 7010
Arubanetworks 7024
Arubanetworks 7030
Arubanetworks 7205
Arubanetworks 7210
Arubanetworks 7220
Arubanetworks 7240xm
Arubanetworks 7280
Arubanetworks 9004
Arubanetworks 9004-lte
Arubanetworks 9012
Siemens Scalance W1750d Firmware	<8.7.1.3
Siemens SCALANCE W1750D

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-37731?
CVE-2021-37731 is a local path traversal vulnerability discovered in Aruba SD-WAN Software and Gateways and Aruba Operating System Software versions prior to 8.6.0.0-2.2.0.4, 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16.
How severe is CVE-2021-37731?
CVE-2021-37731 has a severity rating of 6.2 (High).
What software is affected by CVE-2021-37731?
Aruba SD-WAN Software and Gateways and ArubaOS versions prior to 8.6.0.0-2.2.0.4, 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16 are affected by CVE-2021-37731.
How can I fix or patch CVE-2021-37731?
Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address the vulnerability. Please refer to the Aruba advisory for specific patching instructions.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-37731?
CVE-2021-37731 is associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
vendor/arubanetworks
canonical/arubanetworks sd-wan
version/arubanetworks sd-wan/2.2.0.0
canonical/arubanetworks arubaos
version/arubanetworks arubaos/8.3.0.0
version/arubanetworks arubaos/8.5.0.0
version/arubanetworks arubaos/8.6.0.0
version/arubanetworks arubaos/8.7.0.0
canonical/arubanetworks 7005
canonical/arubanetworks 7008
canonical/arubanetworks 7010
canonical/arubanetworks 7024
canonical/arubanetworks 7030
canonical/arubanetworks 7205
canonical/arubanetworks 7210
canonical/arubanetworks 7220
canonical/arubanetworks 7240xm
canonical/arubanetworks 7280
canonical/arubanetworks 9004
canonical/arubanetworks 9004-lte
canonical/arubanetworks 9012
vendor/siemens
canonical/siemens scalance w1750d firmware
canonical/siemens scalance w1750d