Sign-up

ID

VAR-202301-0410


CVE

CVE-2022-37934


TITLE

HPE OfficeConnect 1820  and  1850  Path Traversal Vulnerability in Switch Series

Trust: 0.8

sources: JVNDB: JVNDB-2022-004911

DESCRIPTION

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below

Trust: 1.71

sources: NVD: CVE-2022-37934 // JVNDB: JVNDB-2022-004911 // VULMON: CVE-2022-37934

AFFECTED PRODUCTS

vendor:hpemodel:officeconnect 1850 2xgt\/spf\+scope:ltversion:po.01.22

Trust: 1.0

vendor:hpmodel:officeconnect 1820 48g poe\+ \ switch j9984ascope:ltversion:pt.02.17

Trust: 1.0

vendor:hpemodel:officeconnect 1850 48g 4xgt poe\+scope:ltversion:pc.01.23

Trust: 1.0

vendor:hpemodel:officeconnect 1850 6xgtscope:ltversion:pc.01.23

Trust: 1.0

vendor:hpemodel:officeconnect 1850 24g 2xgtscope:ltversion:pc.01.23

Trust: 1.0

vendor:hpemodel:officeconnect 1850 24g 2xgt poe\+scope:ltversion:pc.01.23

Trust: 1.0

vendor:hpemodel:officeconnect 1850 48g 4xgtscope:ltversion:pc.01.23

Trust: 1.0

vendor:hpmodel:officeconnect 1820 8g switch j9979ascope:ltversion:pt.02.17

Trust: 1.0

vendor:hpmodel:officeconnect 1820 8g poe\+ \ switch j9982ascope:ltversion:pt.02.17

Trust: 1.0

vendor:hpmodel:officeconnect 1820 24g poe\+ \ switch j9983ascope:ltversion:pt.02.17

Trust: 1.0

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1820 8g poe+ スイッチj9982ascope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1850 48g 4xgt poe+scope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1820 48g poe+ スイッチj9984ascope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1850 6xgtscope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1850 48g 4xgtscope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1820 8gスイッチj9979ascope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1850 24g 2xgt poe+scope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1820 24g poe+ スイッチj9983ascope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1850 2xgt/spf+scope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe officeconnect 1850 24g 2xgtscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004911 // NVD: CVE-2022-37934

CVSS

SEVERITY

CVSSV2

CVSSV3

security-alert@hpe.com: CVE-2022-37934
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-37934
value: HIGH

Trust: 1.0

NVD: CVE-2022-37934
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-335
value: HIGH

Trust: 0.6

security-alert@hpe.com: CVE-2022-37934
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-37934
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-37934
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-004911 // CNNVD: CNNVD-202301-335 // NVD: CVE-2022-37934 // NVD: CVE-2022-37934

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004911 // NVD: CVE-2022-37934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-335

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202301-335

PATCH

title:hpesbnw04401en_usurl:https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbnw04401en_us

Trust: 0.8

title:Hewlett Packard Enterprise OfficeConnect Repair measures for path traversal vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=221296

Trust: 0.6

sources: JVNDB: JVNDB-2022-004911 // CNNVD: CNNVD-202301-335

EXTERNAL IDS

db:NVDid:CVE-2022-37934

Trust: 3.3

db:JVNDBid:JVNDB-2022-004911

Trust: 0.8

db:CNNVDid:CNNVD-202301-335

Trust: 0.6

db:VULMONid:CVE-2022-37934

Trust: 0.1

sources: VULMON: CVE-2022-37934 // JVNDB: JVNDB-2022-004911 // CNNVD: CNNVD-202301-335 // NVD: CVE-2022-37934

REFERENCES

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbnw04401en_us

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-37934

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-37934/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-37934 // JVNDB: JVNDB-2022-004911 // CNNVD: CNNVD-202301-335 // NVD: CVE-2022-37934

SOURCES

db:VULMONid:CVE-2022-37934
db:JVNDBid:JVNDB-2022-004911
db:CNNVDid:CNNVD-202301-335
db:NVDid:CVE-2022-37934

LAST UPDATE DATE

2025-04-11T22:52:08.121000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-37934date:2023-01-05T00:00:00
db:JVNDBid:JVNDB-2022-004911date:2023-05-11T05:17:00
db:CNNVDid:CNNVD-202301-335date:2023-01-13T00:00:00
db:NVDid:CVE-2022-37934date:2025-04-10T16:15:20.107

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-37934date:2023-01-05T00:00:00
db:JVNDBid:JVNDB-2022-004911date:2023-05-11T00:00:00
db:CNNVDid:CNNVD-202301-335date:2023-01-05T00:00:00
db:NVDid:CVE-2022-37934date:2023-01-05T07:15:10.257