ID

VAR-202110-1632


CVE

CVE-2021-37732


TITLE

Aruba Instant command injection vulnerability (CNVD-2021-89450)

Trust: 0.6

sources: CNVD: CNVD-2021-89450

DESCRIPTION

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. Aruba Instant provides the only Wi-Fi solution that is easy to set up. Aruba Instant has a command injection vulnerability, which is caused by incorrect input validation in the web interface. An attacker can exploit the vulnerability by sending crafted HTTP requests to the application to execute arbitrary OS commands on the target system.

Trust: 1.53

sources: NVD: CVE-2021-37732 // CNVD: CNVD-2021-89450 // VULMON: CVE-2021-37732

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-89450

AFFECTED PRODUCTS

vendor: arubanetworks, model: aruba instant, scope: lt, version: 8.5.0.12

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 8.7.1.1

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 6.4.4.8-4.2.4.18

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 8.6.0.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 6.4.0.2-4.1.0.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 6.5.4.19

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 8.5.0.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 6.5.4.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 8.7.0.0

Trust: 1.0

vendor: siemens, model: scalance w1750d, scope: lt, version: 8.7.1.3

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 8.6.0.7

Trust: 1.0

vendor: aruba, model: instant, scope: eq, version: 6.5.4.1

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.2

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.3

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.4

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.5

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.6

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.7

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.8

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.9

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.10

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.11

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.12

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.13

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.14

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.15

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.16

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.17

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 6.5.4.18

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.0

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.1

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.2

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.3

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.4

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.5

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.6

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.7

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.8

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.9

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.10

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.5.0.11

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.0

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.1

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.2

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.3

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.4

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.5

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.6.0.6

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.7.0.0

Trust: 0.6

vendor: aruba, model: instant, scope: eq, version: 8.7.1.0

Trust: 0.6

vendor: aruba, model: networks aruba instant, scope: eq, version: 8.7.x.x

Trust: 0.6

vendor: aruba, model: networks aruba instant, scope: eq, version: 6.4.x.x

Trust: 0.6

vendor: aruba, model: networks aruba instant, scope: eq, version: 6.5.x.x

Trust: 0.6

vendor: aruba, model: networks aruba instant, scope: eq, version: 8.6.x.x

Trust: 0.6

sources: CNVD: CNVD-2021-89450 // NVD: CVE-2021-37732

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-37732
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-89450
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202110-412
value: HIGH

Trust: 0.6

VULMON: CVE-2021-37732
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-37732
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-89450
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-37732
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-89450 // VULMON: CVE-2021-37732 // CNNVD: CNNVD-202110-412 // NVD: CVE-2021-37732

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

sources: NVD: CVE-2021-37732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-412

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-412

PATCH

title: Patch for Aruba Instant command injection vulnerability (CNVD-2021-89450)
url: https://www.cnvd.org.cn/patchInfo/show/300081

Trust: 0.6

title: Aruba Instant Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166190

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=3a4aac694122a77f4f689c8a03f6ae75

Trust: 0.1

sources: CNVD: CNVD-2021-89450 // VULMON: CVE-2021-37732 // CNNVD: CNNVD-202110-412

EXTERNAL IDS

db: NVD, id: CVE-2021-37732

Trust: 2.3

db: SIEMENS, id: SSA-917476

Trust: 1.7

db: ICS CERT, id: ICSA-21-315-06

Trust: 0.7

db: CNVD, id: CNVD-2021-89450

Trust: 0.6

db: CS-HELP, id: SB2021111004

Trust: 0.6

db: CS-HELP, id: SB2021100720

Trust: 0.6

db: AUSCERT, id: ESB-2021.3874

Trust: 0.6

db: CNNVD, id: CNNVD-202110-412

Trust: 0.6

db: VULMON, id: CVE-2021-37732

Trust: 0.1

sources: CNVD: CNVD-2021-89450 // VULMON: CVE-2021-37732 // CNNVD: CNNVD-202110-412 // NVD: CVE-2021-37732

REFERENCES

url:https://www.arubanetworks.com/assets/alert/aruba-psa-2021-017.txt

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37732

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111004

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3874

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-315-06

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100720

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-06

Trust: 0.1

sources: CNVD: CNVD-2021-89450 // VULMON: CVE-2021-37732 // CNNVD: CNNVD-202110-412 // NVD: CVE-2021-37732

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202110-412

SOURCES

db: CNVD, id: CNVD-2021-89450
db: VULMON, id: CVE-2021-37732
db: CNNVD, id: CNNVD-202110-412
db: NVD, id: CVE-2021-37732

LAST UPDATE DATE

2024-08-14T12:41:44.463000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-89450, date: 2021-11-20T00:00:00
db: VULMON, id: CVE-2021-37732, date: 2021-11-24T00:00:00
db: CNNVD, id: CNNVD-202110-412, date: 2021-11-15T00:00:00
db: NVD, id: CVE-2021-37732, date: 2021-11-24T21:37:33.660

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-89450, date: 2021-11-20T00:00:00
db: VULMON, id: CVE-2021-37732, date: 2021-10-12T00:00:00
db: CNNVD, id: CNNVD-202110-412, date: 2021-10-07T00:00:00
db: NVD, id: CVE-2021-37732, date: 2021-10-12T16:15:07.423