Details of VAR-202103-1347

ID

VAR-202103-1347

CVE

CVE-2021-25159

TITLE

Aruba Instant Access Point Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004920

DESCRIPTION

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-25159 // JVNDB: JVNDB-2021-004920 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-25159

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance w1750d	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.3.0.0	Trust: 1.0
vendor:	siemens	model:	scalance w1750d	scope:	lt	version:	8.7.1.3	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	6.4.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.5.0.12	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.7.1.2	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.6.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.6.0.8	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.5.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lte	version:	6.4.4.8-4.2.4.18	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	8.3.0.15	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	lt	version:	6.5.4.19	Trust: 1.0
vendor:	arubanetworks	model:	instant	scope:	gte	version:	8.7.0.0	Trust: 1.0
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	6.4.4.8-4.2.4.17 for up to 6.4.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.5.0.11 for up to 8.5.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.6.0.7 for up to 8.6.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.7.1.1 for up to 8.7.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	6.5.4.18 for up to 6.5.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	8.3.0.14 for up to 8.3.x	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba instant	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004920 // NVD: CVE-2021-25159

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-25159
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1642
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-25159
value:	HIGH
Trust: 0.1

VULMON:	CVE-2021-25159
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

NVD:	CVE-2021-25159
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25159
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-25159 // JVNDB: JVNDB-2021-004920 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1642 // NVD: CVE-2021-25159

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004920 // NVD: CVE-2021-25159

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1642

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-25159

PATCH

title:	ARUBA-PSA-2021-007	url:	https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt	Trust: 0.8
title:	Aruba Instant Access Point Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146383	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b1ac2d6b2f8faa082fe9da88ef8fd61d	Trust: 0.1

sources: VULMON: CVE-2021-25159 // JVNDB: JVNDB-2021-004920 // CNNVD: CNNVD-202103-1642

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25159	Trust: 2.5
db:	SIEMENS	id:	SSA-723417	Trust: 1.7
db:	PACKETSTORM	id:	163522	Trust: 1.6
db:	JVN	id:	JVNVU91051134	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-004920	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021051408	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-131-14	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1642	Trust: 0.6
db:	VULMON	id:	CVE-2021-25159	Trust: 0.1

sources: VULMON: CVE-2021-25159 // JVNDB: JVNDB-2021-004920 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1642 // NVD: CVE-2021-25159

REFERENCES

url:	https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf	Trust: 1.7
url:	https://packetstormsecurity.com/files/163522/aruba-instant-iap-remote-code-execution.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25159	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91051134/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021051408	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt	Trust: 0.1

sources: VULMON: CVE-2021-25159 // JVNDB: JVNDB-2021-004920 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1642 // NVD: CVE-2021-25159

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202103-1642

SOURCES

db:	VULMON	id:	CVE-2021-25159
db:	JVNDB	id:	JVNDB-2021-004920
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202103-1642
db:	NVD	id:	CVE-2021-25159

LAST UPDATE DATE

2022-05-04T08:02:44.712000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-25159	date:	2021-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-004920	date:	2021-12-02T08:25:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202103-1642	date:	2021-08-11T00:00:00
db:	NVD	id:	CVE-2021-25159	date:	2022-04-22T18:35:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-25159	date:	2021-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-004920	date:	2021-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202103-1642	date:	2021-03-29T00:00:00
db:	NVD	id:	CVE-2021-25159	date:	2021-03-30T02:15:00