ID
VAR-202109-1854
CVE
CVE-2021-37733
TITLE
Aruba Operating System Path traversal vulnerability
Trust: 0.6
sources:
CNNVD: CNNVD-202109-004
DESCRIPTION
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability
Trust: 0.99
sources:
NVD: CVE-2021-37733 //
VULMON: CVE-2021-37733
AFFECTED PRODUCTS
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.5.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | sd-wan | scope: | lt | version: | 2.2.0.4 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.3.0.16 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.6.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.7.0.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance w1750d | scope: | lt | version: | 8.7.1.3 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.3.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | sd-wan | scope: | gte | version: | 2.2.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.6.0.7 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.7.1.1 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.5.0.11 | Trust: 1.0 |
sources:
NVD: CVE-2021-37733
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
NVD: CVE-2021-37733 //
CNNVD: CNNVD-202109-004 //
VULMON: CVE-2021-37733
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.0 |
sources:
NVD: CVE-2021-37733
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202109-004
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-202109-004
CONFIGURATIONS
sources:
NVD: CVE-2021-37733
PATCH
| title: | Aruba Operating System Repair measures for path traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161707 | Trust: 0.6 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=c44c0d619aeb7aae33cdaba2bcaae31b | Trust: 0.1 |
sources:
CNNVD: CNNVD-202109-004 //
VULMON: CVE-2021-37733
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-280624 | Trust: 1.7 |
| db: | NVD | id: | CVE-2021-37733 | Trust: 1.7 |
| db: | AUSCERT | id: | ESB-2021.3458 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-287-07 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202109-004 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2021-37733 | Trust: 0.1 |
sources:
NVD: CVE-2021-37733 //
CNNVD: CNNVD-202109-004 //
VULMON: CVE-2021-37733
REFERENCES
| url: | https://www.arubanetworks.com/assets/alert/aruba-psa-2021-016.txt | Trust: 1.7 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Trust: 1.7 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-287-07 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/arubaos-multiple-vulnerabilities-36283 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.3458 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/22.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt | Trust: 0.1 |
sources:
NVD: CVE-2021-37733 //
CNNVD: CNNVD-202109-004 //
VULMON: CVE-2021-37733
CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
sources:
CNNVD: CNNVD-202109-004
SOURCES
| db: | NVD | id: | CVE-2021-37733 |
| db: | CNNVD | id: | CNNVD-202109-004 |
| db: | VULMON | id: | CVE-2021-37733 |
LAST UPDATE DATE
2021-12-18T13:04:00.617000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2021-37733 | date: | 2021-11-26T21:37:00 |
| db: | CNNVD | id: | CNNVD-202109-004 | date: | 2021-10-19T00:00:00 |
| db: | VULMON | id: | CVE-2021-37733 | date: | 2021-10-12T00:00:00 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2021-37733 | date: | 2021-09-07T13:15:00 |
| db: | CNNVD | id: | CNNVD-202109-004 | date: | 2021-09-01T00:00:00 |
| db: | VULMON | id: | CVE-2021-37733 | date: | 2021-09-07T00:00:00 |