Detections
Analytics

ArubaOS-Switch 16.08 < 16.08.0009 / 16.09 < 16.09.0007 / 16.10 < 16.10.0003 (ARUBA-PSA-2020-001)

high Nessus Plugin ID 150081

Language:

Synopsis

An application installed on the remote host is affected by an information disclosure vulnerability.

Description

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ArubaOS-Switch version 16.08.0009, 16.09.0007, 16.10.0003 or later.

See Also

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt

Plugin Details

Severity: High

ID: 150081

File Name: arubaos-switch_aruba-psa-2020-001.nasl

Version: 1.3

Type: combined

Family: Misc.

Published: 6/1/2021

Updated: 7/1/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-5322

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:arubanetworks:arubaos, cpe:/o:hp:arubaos, x-cpe:/o:arubanetworks:arubaos-switch

Exploit Ease: No known exploits are available

Patch Publication Date: 2/12/2020

Vulnerability Publication Date: 2/12/2020

Reference Information

CVE: CVE-2019-5322