ID
VAR-202109-1856
CVE
CVE-2021-37729
TITLE
Aruba Operating System Path traversal vulnerability
Trust: 0.6
sources:
CNNVD: CNNVD-202109-003
DESCRIPTION
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability
Trust: 0.99
sources:
NVD: CVE-2021-37729 //
VULMON: CVE-2021-37729
AFFECTED PRODUCTS
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.5.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | sd-wan | scope: | lt | version: | 2.2.0.4 | Trust: 1.0 |
| vendor: | arubanetworks | model: | sd-wan | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 6.4.4.25 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.3.0.16 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.6.0.9 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.5.0.12 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.6.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.7.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 6.4.4.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 8.3.0.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | gte | version: | 6.5.4.0 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 8.7.1.3 | Trust: 1.0 |
| vendor: | arubanetworks | model: | sd-wan | scope: | gte | version: | 2.2.0.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance w1750d | scope: | lt | version: | 8.7.1.3 | Trust: 1.0 |
| vendor: | arubanetworks | model: | arubaos | scope: | lt | version: | 6.5.4.19 | Trust: 1.0 |
sources:
NVD: CVE-2021-37729
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
NVD: CVE-2021-37729 //
CNNVD: CNNVD-202109-003 //
VULMON: CVE-2021-37729
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.0 |
sources:
NVD: CVE-2021-37729
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202109-003
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-202109-003
CONFIGURATIONS
sources:
NVD: CVE-2021-37729
PATCH
| title: | Aruba Operating System Repair measures for path traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161706 | Trust: 0.6 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=c44c0d619aeb7aae33cdaba2bcaae31b | Trust: 0.1 |
sources:
CNNVD: CNNVD-202109-003 //
VULMON: CVE-2021-37729
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-280624 | Trust: 1.7 |
| db: | NVD | id: | CVE-2021-37729 | Trust: 1.7 |
| db: | AUSCERT | id: | ESB-2021.3458 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-287-07 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202109-003 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2021-37729 | Trust: 0.1 |
sources:
NVD: CVE-2021-37729 //
CNNVD: CNNVD-202109-003 //
VULMON: CVE-2021-37729
REFERENCES
| url: | https://www.arubanetworks.com/assets/alert/aruba-psa-2021-016.txt | Trust: 1.7 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Trust: 1.7 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-287-07 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/arubaos-multiple-vulnerabilities-36283 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.3458 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/22.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt | Trust: 0.1 |
sources:
NVD: CVE-2021-37729 //
CNNVD: CNNVD-202109-003 //
VULMON: CVE-2021-37729
CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
sources:
CNNVD: CNNVD-202109-003
SOURCES
| db: | NVD | id: | CVE-2021-37729 |
| db: | CNNVD | id: | CNNVD-202109-003 |
| db: | VULMON | id: | CVE-2021-37729 |
LAST UPDATE DATE
2021-12-18T13:07:33.391000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2021-37729 | date: | 2021-11-26T21:37:00 |
| db: | CNNVD | id: | CNNVD-202109-003 | date: | 2021-10-19T00:00:00 |
| db: | VULMON | id: | CVE-2021-37729 | date: | 2021-10-12T00:00:00 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2021-37729 | date: | 2021-09-07T13:15:00 |
| db: | CNNVD | id: | CNNVD-202109-003 | date: | 2021-09-01T00:00:00 |
| db: | VULMON | id: | CVE-2021-37729 | date: | 2021-09-07T00:00:00 |