First published: Thu Nov 03 2022
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Sd-wan | >=8.7.0.0-2.3.0.0 <8.7.0.0-2.3.0.6 | |
Arubanetworks Arubaos | >=6.5.4.0 <6.5.4.22 | |
Arubanetworks Arubaos | >=8.4.0.0 <8.6.0.17 | |
Arubanetworks Arubaos | >=8.7.0.0 <8.7.1.9 | |
Arubanetworks Arubaos | >=8.8.0.0 <10.3.0.1 | |
Arubanetworks 7005 | | |
Arubanetworks 7008 | | |
Arubanetworks 7010 | | |
Arubanetworks 7024 | | |
Arubanetworks 7030 | | |
Arubanetworks 7205 | | |
Arubanetworks 7210 | | |
Arubanetworks 7220 | | |
Arubanetworks 7240xm | | |
Arubanetworks 7280 | | |
CVE-2022-37908 is a vulnerability that allows an authenticated attacker to impact the integrity of the ArubaOS bootloader on 7xxx series controllers, compromising the hardware chain of trust.
CVE-2022-37908 affects the ArubaOS bootloader on 7xxx series controllers, potentially compromising the entire hardware chain of trust.
ArubaOS versions 6.5.4.0 to 6.5.4.22, 8.4.0.0 to 8.6.0.17, and 8.7.0.0 to 8.7.1.9 are affected by CVE-2022-37908.
CVE-2022-37908 has a severity level of 6.5 out of 10, which is considered medium.
Aruba Networks has released a security advisory with mitigation steps, which can be found at the referenced link.