Sign-up

ID

VAR-202009-1436


CVE

CVE-2020-7121


TITLE

plural  Aruba CX  Buffer error vulnerability in switch series

Trust: 0.8

sources: JVNDB: JVNDB-2020-011871

DESCRIPTION

Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021. plural Aruba CX A buffer error vulnerability exists in the switch series.Denial of service (DoS) It may be put into a state

Trust: 2.25

sources: NVD: CVE-2020-7121 // JVNDB: JVNDB-2020-011871 // CNVD: CNVD-2021-19398 // VULMON: CVE-2020-7121

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-19398

AFFECTED PRODUCTS

vendor:arubanetworksmodel:cx 6300scope:lteversion:10.04.3021

Trust: 1.0

vendor:arubanetworksmodel:cx 8325scope:lteversion:10.04.3021

Trust: 1.0

vendor:arubanetworksmodel:cx 8320scope:lteversion:10.04.3021

Trust: 1.0

vendor:arubanetworksmodel:cx 6200fscope:lteversion:10.04.3021

Trust: 1.0

vendor:arubanetworksmodel:cx 6400scope:lteversion:10.04.3021

Trust: 1.0

vendor:arubanetworksmodel:cx 8400scope:lteversion:10.04.3021

Trust: 1.0

vendor:アルバネットワークス株式会社model:cx 6200fscope: - version: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:cx 6300scope: - version: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:cx 6400scope: - version: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:cx 8320scope: - version: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:cx 8325scope: - version: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:cx 8400scope: - version: -

Trust: 0.8

vendor:arubamodel:cx switches 6200fscope: - version: -

Trust: 0.6

vendor:arubamodel:cx switchesscope:eqversion:6300

Trust: 0.6

vendor:arubamodel:cx switchesscope:eqversion:6400

Trust: 0.6

vendor:arubamodel:cx switchesscope:eqversion:8320

Trust: 0.6

vendor:arubamodel:cx switchesscope:eqversion:8325

Trust: 0.6

vendor:arubamodel:cx switchesscope:eqversion:8400

Trust: 0.6

sources: CNVD: CNVD-2021-19398 // JVNDB: JVNDB-2020-011871 // NVD: CVE-2020-7121

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7121
value: HIGH

Trust: 1.0

NVD: CVE-2020-7121
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-19398
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-1357
value: HIGH

Trust: 0.6

VULMON: CVE-2020-7121
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7121
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-19398
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7121
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-7121
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-19398 // VULMON: CVE-2020-7121 // JVNDB: JVNDB-2020-011871 // CNNVD: CNNVD-202009-1357 // NVD: CVE-2020-7121

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011871 // NVD: CVE-2020-7121

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1357

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1357

PATCH

title:ARUBA-PSA-2020-009url:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt

Trust: 0.8

title:Patch for Aruba CX Switches Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/253641

Trust: 0.6

title:Aruba CX switch Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129746

Trust: 0.6

sources: CNVD: CNVD-2021-19398 // JVNDB: JVNDB-2020-011871 // CNNVD: CNNVD-202009-1357

EXTERNAL IDS

db:NVDid:CVE-2020-7121

Trust: 3.1

db:JVNDBid:JVNDB-2020-011871

Trust: 0.8

db:CNVDid:CNVD-2021-19398

Trust: 0.6

db:CNNVDid:CNNVD-202009-1357

Trust: 0.6

db:VULMONid:CVE-2020-7121

Trust: 0.1

sources: CNVD: CNVD-2021-19398 // VULMON: CVE-2020-7121 // JVNDB: JVNDB-2020-011871 // CNNVD: CNNVD-202009-1357 // NVD: CVE-2020-7121

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-7121

Trust: 2.0

url:https://www.arubanetworks.com/assets/alert/aruba-psa-2020-009.txt

Trust: 1.7

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-19398 // VULMON: CVE-2020-7121 // JVNDB: JVNDB-2020-011871 // CNNVD: CNNVD-202009-1357 // NVD: CVE-2020-7121

SOURCES

db:CNVDid:CNVD-2021-19398
db:VULMONid:CVE-2020-7121
db:JVNDBid:JVNDB-2020-011871
db:CNNVDid:CNNVD-202009-1357
db:NVDid:CVE-2020-7121

LAST UPDATE DATE

2024-11-23T21:59:01.136000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-19398date:2021-03-19T00:00:00
db:VULMONid:CVE-2020-7121date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-011871date:2021-04-19T07:59:00
db:CNNVDid:CNNVD-202009-1357date:2020-10-22T00:00:00
db:NVDid:CVE-2020-7121date:2024-11-21T05:36:39.960

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-19398date:2021-03-18T00:00:00
db:VULMONid:CVE-2020-7121date:2020-09-23T00:00:00
db:JVNDBid:JVNDB-2020-011871date:2021-04-19T00:00:00
db:CNNVDid:CNNVD-202009-1357date:2020-09-23T00:00:00
db:NVDid:CVE-2020-7121date:2020-09-23T13:15:16.030