Details of VAR-202103-1343

ID

VAR-202103-1343

CVE

CVE-2021-25155

TITLE

Aruba Instant Access Point Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004998

DESCRIPTION

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-25155 // JVNDB: JVNDB-2021-004998 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-25155

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance w1750d	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.3.0.0	Trust: 1.0
vendor:	siemens	model:	scalance w1750d	scope:	lt	version:	8.7.1.3	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	6.4.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.5.0.12	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.6.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.7.1.1	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.5.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lte	version:	6.4.4.8-4.2.4.18	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.6.0.7	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.3.0.15	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	6.5.4.19	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.7.0.0	Trust: 1.0
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.7.1.0 for up to 8.7.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	6.4.4.8-4.2.4.17 for up to 6.4.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.6.0.6 for up to 8.6.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.5.0.11 for up to 8.5.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.3.0.14 for up to 8.3.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	6.5.4.18 for up to 6.5.x	Trust: 0.8

sources: JVNDB: JVNDB-2021-004998 // NVD: CVE-2021-25155

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-25155
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1619
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-25155
value:	HIGH
Trust: 0.1

VULMON:	CVE-2021-25155
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

NVD:	CVE-2021-25155
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25155
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-25155 // JVNDB: JVNDB-2021-004998 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1619 // NVD: CVE-2021-25155

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004998 // NVD: CVE-2021-25155

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1619

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-25155

PATCH

title:	ARUBA-PSA-2021-007	url:	https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt	Trust: 0.8
title:	Aruba Access Points Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146372	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b1ac2d6b2f8faa082fe9da88ef8fd61d	Trust: 0.1

sources: VULMON: CVE-2021-25155 // JVNDB: JVNDB-2021-004998 // CNNVD: CNNVD-202103-1619

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25155	Trust: 2.5
db:	PACKETSTORM	id:	163522	Trust: 2.4
db:	PACKETSTORM	id:	163524	Trust: 1.7
db:	SIEMENS	id:	SSA-723417	Trust: 1.7
db:	JVN	id:	JVNVU91051134	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-004998	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-131-14	Trust: 0.6
db:	CS-HELP	id:	SB2021051408	Trust: 0.6
db:	EXPLOIT-DB	id:	50133	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1619	Trust: 0.6
db:	VULMON	id:	CVE-2021-25155	Trust: 0.1

sources: VULMON: CVE-2021-25155 // JVNDB: JVNDB-2021-004998 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1619 // NVD: CVE-2021-25155

REFERENCES

url:	http://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html	Trust: 3.0
url:	https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf	Trust: 1.7
url:	https://packetstormsecurity.com/files/163524/aruba-instant-8.7.1.0-arbitrary-file-modification.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25155	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91051134/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50133	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021051408	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt	Trust: 0.1

sources: VULMON: CVE-2021-25155 // JVNDB: JVNDB-2021-004998 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1619 // NVD: CVE-2021-25155

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202103-1619

SOURCES

db:	VULMON	id:	CVE-2021-25155
db:	JVNDB	id:	JVNDB-2021-004998
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202103-1619
db:	NVD	id:	CVE-2021-25155

LAST UPDATE DATE

2022-05-04T07:28:09.168000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-25155	date:	2021-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-004998	date:	2021-12-06T01:58:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202103-1619	date:	2022-04-24T00:00:00
db:	NVD	id:	CVE-2021-25155	date:	2022-04-22T18:20:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-25155	date:	2021-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-004998	date:	2021-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202103-1619	date:	2021-03-29T00:00:00
db:	NVD	id:	CVE-2021-25155	date:	2021-03-30T01:15:00