Sign-up

ID

VAR-202101-0202


CVE

CVE-2020-24640


TITLE

HPE Aruba Airwave Glass input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-19699 // CNNVD: CNNVD-202101-1291

DESCRIPTION

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. AirWave Glass Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HPE Aruba Airwave Glass is a smart glasses device from HPE. HPE Aruba Airwave Glass 1.3.3 has an input verification error vulnerability before 1.3.3. The vulnerability is due to insufficient input verification

Trust: 2.16

sources: NVD: CVE-2020-24640 // JVNDB: JVNDB-2020-015427 // CNVD: CNVD-2021-19699

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-19699

AFFECTED PRODUCTS

vendor:arubanetworksmodel:airwave glassscope:ltversion:1.3.3

Trust: 1.0

vendor:アルバネットワークス株式会社model:airwave glassscope:eqversion: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:airwave glassscope:eqversion:1.3.3

Trust: 0.8

vendor:hpemodel:aruba airwave glassscope:ltversion:1.3.3

Trust: 0.6

sources: CNVD: CNVD-2021-19699 // JVNDB: JVNDB-2020-015427 // NVD: CVE-2020-24640

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24640
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-24640
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-19699
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202101-1291
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-24640
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-19699
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-24640
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-24640
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-19699 // JVNDB: JVNDB-2020-015427 // CNNVD: CNNVD-202101-1291 // NVD: CVE-2020-24640

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015427 // NVD: CVE-2020-24640

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1291

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1291

PATCH

title:ARUBA-PSA-2021-001url:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt

Trust: 0.8

title:Patch for HPE Aruba Airwave Glass input validation error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/254116

Trust: 0.6

title:HPE Aruba Airwave Glass Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139723

Trust: 0.6

sources: CNVD: CNVD-2021-19699 // JVNDB: JVNDB-2020-015427 // CNNVD: CNNVD-202101-1291

EXTERNAL IDS

db:NVDid:CVE-2020-24640

Trust: 3.0

db:JVNDBid:JVNDB-2020-015427

Trust: 0.8

db:CNVDid:CNVD-2021-19699

Trust: 0.6

db:CNNVDid:CNNVD-202101-1291

Trust: 0.6

sources: CNVD: CNVD-2021-19699 // JVNDB: JVNDB-2020-015427 // CNNVD: CNNVD-202101-1291 // NVD: CVE-2020-24640

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-24640

Trust: 2.0

url:https://www.arubanetworks.com/assets/alert/aruba-psa-2021-001.txt

Trust: 1.6

sources: CNVD: CNVD-2021-19699 // JVNDB: JVNDB-2020-015427 // CNNVD: CNNVD-202101-1291 // NVD: CVE-2020-24640

SOURCES

db:CNVDid:CNVD-2021-19699
db:JVNDBid:JVNDB-2020-015427
db:CNNVDid:CNNVD-202101-1291
db:NVDid:CVE-2020-24640

LAST UPDATE DATE

2024-11-23T22:25:13.256000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-19699date:2021-03-21T00:00:00
db:JVNDBid:JVNDB-2020-015427date:2021-09-22T08:31:00
db:CNNVDid:CNNVD-202101-1291date:2021-01-22T00:00:00
db:NVDid:CVE-2020-24640date:2024-11-21T05:15:19.033

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-19699date:2021-03-21T00:00:00
db:JVNDBid:JVNDB-2020-015427date:2021-09-22T00:00:00
db:CNNVDid:CNNVD-202101-1291date:2021-01-15T00:00:00
db:NVDid:CVE-2020-24640date:2021-01-15T19:15:13.657