Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-25141

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

Published

2021-02-09T17:15:14.780

Last Modified

2024-11-21T05:54:25.993

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arubanetworks	aruba_5406r_zl2_firmware	< kb.16.10.0012	Yes
Hardware	arubanetworks	aruba_5406r_zl2	-	No
Operating System	arubanetworks	aruba_5412r_zl2_firmware	< kb.16.10.0012	Yes
Hardware	arubanetworks	aruba_5412r_zl2	-	No
Operating System	arubanetworks	aruba_3810m_firmware	< kb.16.10.0012	Yes
Hardware	arubanetworks	aruba_3810m	-	No
Operating System	arubanetworks	aruba_2930m_firmware	< wc.16.10.0012	Yes
Hardware	arubanetworks	aruba_2930m	-	No
Operating System	arubanetworks	aruba_2930f_firmware	< wc.16.10.0012	Yes
Hardware	arubanetworks	aruba_2930f	-	No
Operating System	arubanetworks	aruba_2920_firmware	< wb.16.10.0011	Yes
Hardware	arubanetworks	aruba_2920	-	No
Operating System	arubanetworks	aruba_2540_firmware	< yc.16.10.0012	Yes
Hardware	arubanetworks	aruba_2540	-	No
Operating System	arubanetworks	aruba_2530ya_firmware	< ya.16.10.0012	Yes
Hardware	arubanetworks	aruba_2530ya	-	No
Operating System	arubanetworks	aruba_3800_firmware	< ka.16.04.0022	Yes
Hardware	arubanetworks	aruba_3800	-	No
Operating System	arubanetworks	aruba_2620_firmware	< ra.16.04.0022	Yes
Hardware	arubanetworks	aruba_2620	-	No
Operating System	hpe	8200_zl_firmware	< k.15.18.0024	Yes
Hardware	hpe	8200_zl	-	No
Operating System	hpe	6200_yl_firmware	< k.15.18.0024	Yes
Hardware	hpe	6200_yl	-	No
Operating System	hpe	3500_firmware	< k.16.02.0032	Yes
Hardware	hpe	3500	-	No
Operating System	hpe	3500_yl_firmware	< k.16.02.0032	Yes
Hardware	hpe	3500_yl	-	No
Operating System	arubanetworks	aruba_2530yb_firmware	< yb.16.10.0012	Yes
Hardware	arubanetworks	aruba_2530yb	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)