Details of VAR-202103-1340

ID

VAR-202103-1340

CVE

CVE-2021-25148

TITLE

Aruba Instant Access Point Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-005004

DESCRIPTION

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-25148 // JVNDB: JVNDB-2021-005004 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-25148

AFFECTED PRODUCTS

vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.3.0.14	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.5.0.11	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.3.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.6.0.5	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.5.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	6.5.4.18	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.6.0.0	Trust: 1.0
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.5.0.10 for up to 8.5.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.6.0.4 for up to 8.6.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.3.0.13 for up to 8.3.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	6.5.4.17 for up to 6.5.x	Trust: 0.8

sources: JVNDB: JVNDB-2021-005004 // NVD: CVE-2021-25148

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-25148
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1588
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-25148
value:	HIGH
Trust: 0.1

VULMON:	CVE-2021-25148
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

NVD:	CVE-2021-25148
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25148
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-25148 // JVNDB: JVNDB-2021-005004 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1588 // NVD: CVE-2021-25148

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-005004 // NVD: CVE-2021-25148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1588

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-25148

PATCH

title:	ARUBA-PSA-2021-007	url:	https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt	Trust: 0.8
title:	Aruba Access Points Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146366	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b1ac2d6b2f8faa082fe9da88ef8fd61d	Trust: 0.1

sources: VULMON: CVE-2021-25148 // JVNDB: JVNDB-2021-005004 // CNNVD: CNNVD-202103-1588

EXTERNAL IDS

db:	SIEMENS	id:	SSA-723417	Trust: 2.5
db:	NVD	id:	CVE-2021-25148	Trust: 2.5
db:	JVN	id:	JVNVU91051134	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-005004	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021051408	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-131-14	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1588	Trust: 0.6
db:	VULMON	id:	CVE-2021-25148	Trust: 0.1

sources: VULMON: CVE-2021-25148 // JVNDB: JVNDB-2021-005004 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1588 // NVD: CVE-2021-25148

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf	Trust: 2.5
url:	https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25148	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91051134/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021051408	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt	Trust: 0.1

sources: VULMON: CVE-2021-25148 // JVNDB: JVNDB-2021-005004 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1588 // NVD: CVE-2021-25148

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202103-1588

SOURCES

db:	VULMON	id:	CVE-2021-25148
db:	JVNDB	id:	JVNDB-2021-005004
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202103-1588
db:	NVD	id:	CVE-2021-25148

LAST UPDATE DATE

2022-05-04T08:08:57.961000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-25148	date:	2021-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-005004	date:	2021-12-06T03:21:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202103-1588	date:	2021-08-11T00:00:00
db:	NVD	id:	CVE-2021-25148	date:	2021-05-11T13:15:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-25148	date:	2021-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-005004	date:	2021-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202103-1588	date:	2021-03-29T00:00:00
db:	NVD	id:	CVE-2021-25148	date:	2021-03-30T00:15:00