Sign-up

ID

VAR-202107-0989


CVE

CVE-2021-34618


TITLE

Aruba Instant Access Point  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-009995

DESCRIPTION

A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Networks Instant is a set of enterprise wireless LAN construction solutions from Aruba Networks

Trust: 1.8

sources: NVD: CVE-2021-34618 // JVNDB: JVNDB-2021-009995 // VULHUB: VHN-394817 // VULMON: CVE-2021-34618

AFFECTED PRODUCTS

vendor:arubamodel:instantscope:gteversion:8.6.0

Trust: 1.0

vendor:arubamodel:instantscope:gteversion:8.3.0

Trust: 1.0

vendor:arubamodel:instantscope:lteversion:6.4.4.8-4.2.4.18

Trust: 1.0

vendor:arubamodel:instantscope:gteversion:6.4.0

Trust: 1.0

vendor:arubamodel:instantscope:lteversion:8.6.0.7

Trust: 1.0

vendor:arubamodel:instantscope:lteversion:6.5.4.18

Trust: 1.0

vendor:arubamodel:instantscope:lteversion:8.3.0.14

Trust: 1.0

vendor:arubamodel:instantscope:lteversion:8.7.1.1

Trust: 1.0

vendor:arubamodel:instantscope:gteversion:8.7.0

Trust: 1.0

vendor:arubamodel:instantscope:gteversion:8.4.0

Trust: 1.0

vendor:arubamodel:instantscope:lteversion:8.5.0.11

Trust: 1.0

vendor:arubamodel:instantscope:gteversion:6.5.0

Trust: 1.0

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:6.4.4.8-4.2.4.18 for up to 6.4.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.5.0.11 for up to 8.5.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.3.0.14 for up to 8.3.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:6.5.4.18 for up to 6.5.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.6.0.7 for up to 8.6.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.7.1.1 for up to 8.7.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.4.x

Trust: 0.8

sources: JVNDB: JVNDB-2021-009995 // NVD: CVE-2021-34618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34618
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34618
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202107-1309
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394817
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-34618
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-394817
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34618
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-34618
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394817 // JVNDB: JVNDB-2021-009995 // CNNVD: CNNVD-202107-1309 // NVD: CVE-2021-34618

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009995 // NVD: CVE-2021-34618

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1309

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202107-1309

PATCH

title:ARUBA-PSA-2021-007url:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt

Trust: 0.8

title:Aruba Networks Instant Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159442

Trust: 0.6

sources: JVNDB: JVNDB-2021-009995 // CNNVD: CNNVD-202107-1309

EXTERNAL IDS

db:NVDid:CVE-2021-34618

Trust: 3.4

db:JVNDBid:JVNDB-2021-009995

Trust: 0.8

db:CNNVDid:CNNVD-202107-1309

Trust: 0.7

db:ICS CERTid:ICSA-21-131-14

Trust: 0.6

db:VULHUBid:VHN-394817

Trust: 0.1

db:VULMONid:CVE-2021-34618

Trust: 0.1

sources: VULHUB: VHN-394817 // VULMON: CVE-2021-34618 // JVNDB: JVNDB-2021-009995 // CNNVD: CNNVD-202107-1309 // NVD: CVE-2021-34618

REFERENCES

url:https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-34618

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394817 // VULMON: CVE-2021-34618 // JVNDB: JVNDB-2021-009995 // CNNVD: CNNVD-202107-1309 // NVD: CVE-2021-34618

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-1309

SOURCES

db:VULHUBid:VHN-394817
db:VULMONid:CVE-2021-34618
db:JVNDBid:JVNDB-2021-009995
db:CNNVDid:CNNVD-202107-1309
db:NVDid:CVE-2021-34618

LAST UPDATE DATE

2024-08-14T12:54:34.361000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-394817date:2021-07-29T00:00:00
db:VULMONid:CVE-2021-34618date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2021-009995date:2022-06-13T07:20:00
db:CNNVDid:CNNVD-202107-1309date:2021-08-11T00:00:00
db:NVDid:CVE-2021-34618date:2021-07-29T15:17:34.050

SOURCES RELEASE DATE

db:VULHUBid:VHN-394817date:2021-07-19T00:00:00
db:VULMONid:CVE-2021-34618date:2021-07-19T00:00:00
db:JVNDBid:JVNDB-2021-009995date:2022-06-13T00:00:00
db:CNNVDid:CNNVD-202107-1309date:2021-07-19T00:00:00
db:NVDid:CVE-2021-34618date:2021-07-19T20:15:08.743