CVE-2021-25141 - Vulnerability Details

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00127.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Aruba 5400R zl2 Switch Series; Aruba 2930F Switch Series; Aruba 2920 Switch Series; Aruba 2930M Switch Series; Aruba 2530 Switch Series; Aruba 2540 Switch Series; Aruba 3800 Switch Series; HPE 3500 and 3500 yl Switch Series; Aruba 3810M Switch Series; HPE 8200 zl Switch Series; Aruba 2620 Switch Series; Aruba 5400 zl Switch Series; HPE 6200 yl Switch Series

affected

Version	Status	Constraints
`Prior to KB.16.10.0012`	affected	—
`- Prior to WC.16.10.0012`	affected	—
`- Prior to WB.16.10.0011`	affected	—
`- Aruba 2530YA prior to YA.16.10.0012 / Aruba 2530YB prior YB.16.10.0012`	affected	—
`- Prior to YC.16.10.0012`	affected	—
`- Prior to KA.16.04.0022`	affected	—
`- Prior to K.16.02.0032`	affected	—
`- Prior to KB.16.10.0012`	affected	—
`- Prior to K.15.18.0024`	affected	—
`- Prior to RA.16.04.0022`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:arubanetworks:aruba_5406r_zl2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arubanetworks:aruba_5412r_zl2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:arubanetworks:aruba_3810m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2930m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2930f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2920_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2530ya_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:arubanetworks:aruba_3800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_3800:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2620:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hpe:8200_zl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:8200_zl:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hpe:6200_yl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:6200_yl:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hpe:3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:3500:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hpe:3500_yl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:3500_yl:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2530yb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Arubanetworks Subscribe	Aruba 2530ya Subscribe Aruba 2530ya Firmware Subscribe Aruba 2530yb Subscribe Aruba 2530yb Firmware Subscribe Aruba 2540 Subscribe Aruba 2540 Firmware Subscribe Aruba 2620 Subscribe Aruba 2620 Firmware Subscribe Aruba 2920 Subscribe Aruba 2920 Firmware Subscribe Aruba 2930f Subscribe Aruba 2930f Firmware Subscribe Aruba 2930m Subscribe Aruba 2930m Firmware Subscribe Aruba 3800 Subscribe Aruba 3800 Firmware Subscribe Aruba 3810m Subscribe Aruba 3810m Firmware Subscribe Aruba 5406r Zl2 Subscribe Aruba 5406r Zl2 Firmware Subscribe Aruba 5412r Zl2 Subscribe Aruba 5412r Zl2 Firmware Subscribe
Hpe Subscribe	3500 Subscribe 3500 Firmware Subscribe 3500 Yl Subscribe 3500 Yl Firmware Subscribe 6200 Yl Subscribe 6200 Yl Firmware Subscribe 8200 Zl Subscribe 8200 Zl Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2021-12052	A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-02-09T16:11:28

Updated: 2024-08-03T19:56:10.491Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-25141

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-09T17:15:14.780

Modified: 2024-11-21T05:54:25.993

Link: CVE-2021-25141

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object