Details of VAR-202102-1333

ID

VAR-202102-1333

CVE

CVE-2021-25141

TITLE

plural HPE and Aruba L2/L3 Vulnerability in switch firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-003667

DESCRIPTION

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability. Arubanetwork Aruba/HPE is a switch made by Arubanetwork in the United States. A large number of ports for cable connection are provided, so that star topology wiring can be adopted

Trust: 2.16

sources: NVD: CVE-2021-25141 // JVNDB: JVNDB-2021-003667 // CNVD: CNVD-2021-44672

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44672

AFFECTED PRODUCTS

vendor:	arubanetworks	model:	aruba 2530yb	scope:	lt	version:	yb.16.10.0012	Trust: 1.0
vendor:	arubanetworks	model:	aruba 2930m	scope:	lt	version:	wc.16.10.0012	Trust: 1.0
vendor:	arubanetworks	model:	aruba 5406r zl2	scope:	lt	version:	kb.16.10.0012	Trust: 1.0
vendor:	hpe	model:	3500	scope:	lt	version:	k.16.02.0032	Trust: 1.0
vendor:	hpe	model:	6200 yl	scope:	lt	version:	k.15.18.0024	Trust: 1.0
vendor:	arubanetworks	model:	aruba 2930f	scope:	lt	version:	wc.16.10.0012	Trust: 1.0
vendor:	hpe	model:	8200 zl	scope:	lt	version:	k.15.18.0024	Trust: 1.0
vendor:	arubanetworks	model:	aruba 3810m	scope:	lt	version:	kb.16.10.0012	Trust: 1.0
vendor:	arubanetworks	model:	aruba 5412r zl2	scope:	lt	version:	kb.16.10.0012	Trust: 1.0
vendor:	arubanetworks	model:	aruba 2530ya	scope:	lt	version:	ya.16.10.0012	Trust: 1.0
vendor:	hpe	model:	3500 yl	scope:	lt	version:	k.16.02.0032	Trust: 1.0
vendor:	arubanetworks	model:	aruba 2920	scope:	lt	version:	wb.16.10.0011	Trust: 1.0
vendor:	arubanetworks	model:	aruba 2620	scope:	lt	version:	ra.16.04.0022	Trust: 1.0
vendor:	arubanetworks	model:	aruba 3800	scope:	lt	version:	ka.16.04.0022	Trust: 1.0
vendor:	arubanetworks	model:	aruba 2540	scope:	lt	version:	yc.16.10.0012	Trust: 1.0
vendor:	アルバネットワークス株式会社	model:	aruba 2930f	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 2920	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 3810m	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 5412r zl2	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 5406r zl2	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 2540	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 2930m	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 3800	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 2620	scope:	-	version:	-	Trust: 0.8
vendor:	アルバネットワークス株式会社	model:	aruba 2530ya	scope:	-	version:	-	Trust: 0.8
vendor:	arubanetwork	model:	aruba/hpe	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-44672 // JVNDB: JVNDB-2021-003667 // NVD: CVE-2021-25141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25141
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-25141
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-44672
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-661
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-25141
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-44672
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25141
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25141
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44672 // JVNDB: JVNDB-2021-003667 // CNNVD: CNNVD-202102-661 // NVD: CVE-2021-25141

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003667 // NVD: CVE-2021-25141

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-661

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-661

PATCH

title:	top page Hewlett Packard Enterprise HPE Security Bulletin	url:	https://www.arubanetworks.com/ja/	Trust: 0.8
title:	Patch for Arubanetwork Aruba/HPE has unspecified vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/274756	Trust: 0.6
title:	Arubanetwork Aruba/HPE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141788	Trust: 0.6

sources: CNVD: CNVD-2021-44672 // JVNDB: JVNDB-2021-003667 // CNNVD: CNNVD-202102-661

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25141	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-003667	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44672	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-661	Trust: 0.6

sources: CNVD: CNVD-2021-44672 // JVNDB: JVNDB-2021-003667 // CNNVD: CNNVD-202102-661 // NVD: CVE-2021-25141

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbnw04082en_us	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25141	Trust: 0.8
url:	https://vigilance.fr/vulnerability/aruba-hpe-switch-denial-of-service-via-management-interface-34510	Trust: 0.6

sources: CNVD: CNVD-2021-44672 // JVNDB: JVNDB-2021-003667 // CNNVD: CNNVD-202102-661 // NVD: CVE-2021-25141

SOURCES

db:	CNVD	id:	CNVD-2021-44672
db:	JVNDB	id:	JVNDB-2021-003667
db:	CNNVD	id:	CNNVD-202102-661
db:	NVD	id:	CVE-2021-25141

LAST UPDATE DATE

2024-11-23T22:47:41.730000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44672	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-003667	date:	2021-11-01T08:16:00
db:	CNNVD	id:	CNNVD-202102-661	date:	2021-02-18T00:00:00
db:	NVD	id:	CVE-2021-25141	date:	2024-11-21T05:54:25.993

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44672	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-003667	date:	2021-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202102-661	date:	2021-02-08T00:00:00
db:	NVD	id:	CVE-2021-25141	date:	2021-02-09T17:15:14.780