Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for 203rp_firmware by arubanetworks

    CVE-2018-7080 (GCVE-0-2018-7080)

    Vulnerability from nvd – Published: 2018-12-07 21:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
    Severity
    No CVSS data available.
    CWE
    • remote access restriction bypass
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba Access Points Affected: AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4
    Create a notification for this product.
    Date Public
    2018-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105814",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105814"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba Access Points",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote access restriction bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-08T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "name": "105814",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105814"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2018-7080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba Access Points",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote access restriction bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105814",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105814"
                },
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2018-7080",
        "datePublished": "2018-12-07T21:00:00.000Z",
        "dateReserved": "2018-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7080 (GCVE-0-2018-7080)

    Vulnerability from cvelistv5 – Published: 2018-12-07 21:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
    Severity
    No CVSS data available.
    CWE
    • remote access restriction bypass
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise Aruba Access Points Affected: AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4
    Create a notification for this product.
    Date Public
    2018-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105814",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105814"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba Access Points",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4"
                }
              ]
            }
          ],
          "datePublic": "2018-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote access restriction bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-08T10:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "name": "105814",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105814"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2018-7080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba Access Points",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote access restriction bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105814",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105814"
                },
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2018-7080",
        "datePublished": "2018-12-07T21:00:00.000Z",
        "dateReserved": "2018-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }