CVE-2021-25141 - Vulnerability Details

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arubanetworks	Aruba 2530ya Aruba 2530ya Firmware Aruba 2530yb Aruba 2530yb Firmware Aruba 2540 Aruba 2540 Firmware Aruba 2620 Aruba 2620 Firmware Aruba 2920 Aruba 2920 Firmware Aruba 2930f Aruba 2930f Firmware Aruba 2930m Aruba 2930m Firmware Aruba 3800 Aruba 3800 Firmware Aruba 3810m Aruba 3810m Firmware Aruba 5406r Zl2 Aruba 5406r Zl2 Firmware Aruba 5412r Zl2 Aruba 5412r Zl2 Firmware
Hpe	3500 3500 Firmware 3500 Yl 3500 Yl Firmware 6200 Yl 6200 Yl Firmware 8200 Zl 8200 Zl Firmware

Configuration 1 [-]

AND

cpe:2.3:o:arubanetworks:aruba_5406r_zl2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arubanetworks:aruba_5412r_zl2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:arubanetworks:aruba_3810m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2930m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2930f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2920_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2530ya_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:arubanetworks:aruba_3800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_3800:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2620:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hpe:8200_zl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:8200_zl:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hpe:6200_yl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:6200_yl:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hpe:3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:3500:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hpe:3500_yl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:3500_yl:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:arubanetworks:aruba_2530yb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-02-09T16:11:28

Updated: 2024-08-03T19:56:10.491Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-25141

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-09T17:15:14.780

Modified: 2024-11-21T05:54:25.993

Link: CVE-2021-25141

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object