
    4 vulnerabilities found for HPE Networking Instant On by Hewlett Packard Enterprise (HPE)

    CVE-2025-37103 (GCVE-0-2025-37103)

    Vulnerability from nvd – Published: 2025-07-08 19:09 – Updated: 2025-07-08 19:39
    Title
    Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface
    Summary
    Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of them to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    hpe
    Impacted products
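    Vendor: Hewlett Packard Enterprise (HPE)
    Product: HPE Networking Instant On
    Affected versions: 3.2.0.0 through 3.2.0.1 inclusive (semver)
    The record sets defaultStatus to "affected", so versions outside the listed range should not be assumed unaffected; confirm the fixed release in vendor advisory HPESBNW04894.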
    Credits
    ZZ from Ubisectech Sirius Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T19:38:46.361760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T19:39:53.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Networking Instant On",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.0.1",
                  "status": "affected",
                  "version": "3.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ZZ from Ubisectech Sirius Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHard-coded login credentials were found in HPE Networking Instant On  Access Points, allowing anyone with knowledge of it to bypass normal  device authentication. Successful exploitation could allow a remote  attacker to gain administrative access to the system.\u003c/p\u003e"
                }
              ],
              "value": "Hard-coded login credentials were found in HPE Networking Instant On  Access Points, allowing anyone with knowledge of it to bypass normal  device authentication. Successful exploitation could allow a remote  attacker to gain administrative access to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T19:09:30.415Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04894",
            "discovery": "EXTERNAL"
          },
          "title": "Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-37103",
        "datePublished": "2025-07-08T19:09:30.415Z",
        "dateReserved": "2025-04-16T01:28:25.364Z",
        "dateUpdated": "2025-07-08T19:39:53.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-37102 (GCVE-0-2025-37102)

    Vulnerability from nvd – Published: 2025-07-08 19:08 – Updated: 2025-07-08 19:43
    Title
    Authenticated Command Injection Vulnerability In Instant On Command Line Interface
    Summary
    An authenticated command injection vulnerability exists in the command-line interface of HPE Networking Instant On Access Points. Successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
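    Vendor: Hewlett Packard Enterprise (HPE)
    Product: HPE Networking Instant On
    Affected versions: 3.2.0.0 through 3.2.0.1 inclusive (semver)
    The record sets defaultStatus to "affected", so versions outside the listed range should not be assumed unaffected; confirm the fixed release in vendor advisory HPESBNW04894.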
    Credits
    ZZ from Ubisectech Sirius Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37102",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T19:42:16.230373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T19:43:11.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Networking Instant On",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.0.1",
                  "status": "affected",
                  "version": "3.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ZZ from Ubisectech Sirius Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points.  \u003c/p\u003e\u003cp\u003eA successful exploitation could allow a remote attacker with elevated  privileges to execute arbitrary commands on the underlying operating system as a highly privileged user. \u003c/p\u003e"
                }
              ],
              "value": "An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points.  \n\nA successful exploitation could allow a remote attacker with elevated  privileges to execute arbitrary commands on the underlying operating system as a highly privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T19:08:15.395Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04894",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Command Injection Vulnerability In Instant On Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-37102",
        "datePublished": "2025-07-08T19:08:15.395Z",
        "dateReserved": "2025-04-16T01:28:25.364Z",
        "dateUpdated": "2025-07-08T19:43:11.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-37103 (GCVE-0-2025-37103)

    Vulnerability from cvelistv5 – Published: 2025-07-08 19:09 – Updated: 2025-07-08 19:39
    Title
    Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface
    Summary
    Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of them to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    hpe
    Impacted products
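    Vendor: Hewlett Packard Enterprise (HPE)
    Product: HPE Networking Instant On
    Affected versions: 3.2.0.0 through 3.2.0.1 inclusive (semver)
    The record sets defaultStatus to "affected", so versions outside the listed range should not be assumed unaffected; confirm the fixed release in vendor advisory HPESBNW04894.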
    Credits
    ZZ from Ubisectech Sirius Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T19:38:46.361760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T19:39:53.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Networking Instant On",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.0.1",
                  "status": "affected",
                  "version": "3.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ZZ from Ubisectech Sirius Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHard-coded login credentials were found in HPE Networking Instant On  Access Points, allowing anyone with knowledge of it to bypass normal  device authentication. Successful exploitation could allow a remote  attacker to gain administrative access to the system.\u003c/p\u003e"
                }
              ],
              "value": "Hard-coded login credentials were found in HPE Networking Instant On  Access Points, allowing anyone with knowledge of it to bypass normal  device authentication. Successful exploitation could allow a remote  attacker to gain administrative access to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T19:09:30.415Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04894",
            "discovery": "EXTERNAL"
          },
          "title": "Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-37103",
        "datePublished": "2025-07-08T19:09:30.415Z",
        "dateReserved": "2025-04-16T01:28:25.364Z",
        "dateUpdated": "2025-07-08T19:39:53.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-37102 (GCVE-0-2025-37102)

    Vulnerability from cvelistv5 – Published: 2025-07-08 19:08 – Updated: 2025-07-08 19:43
    Title
    Authenticated Command Injection Vulnerability In Instant On Command Line Interface
    Summary
    An authenticated command injection vulnerability exists in the command-line interface of HPE Networking Instant On Access Points. Successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
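    Vendor: Hewlett Packard Enterprise (HPE)
    Product: HPE Networking Instant On
    Affected versions: 3.2.0.0 through 3.2.0.1 inclusive (semver)
    The record sets defaultStatus to "affected", so versions outside the listed range should not be assumed unaffected; confirm the fixed release in vendor advisory HPESBNW04894.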
    Credits
    ZZ from Ubisectech Sirius Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37102",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T19:42:16.230373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T19:43:11.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Networking Instant On",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.0.1",
                  "status": "affected",
                  "version": "3.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ZZ from Ubisectech Sirius Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points.  \u003c/p\u003e\u003cp\u003eA successful exploitation could allow a remote attacker with elevated  privileges to execute arbitrary commands on the underlying operating system as a highly privileged user. \u003c/p\u003e"
                }
              ],
              "value": "An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points.  \n\nA successful exploitation could allow a remote attacker with elevated  privileges to execute arbitrary commands on the underlying operating system as a highly privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T19:08:15.395Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04894",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Command Injection Vulnerability In Instant On Command Line Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2025-37102",
        "datePublished": "2025-07-08T19:08:15.395Z",
        "dateReserved": "2025-04-16T01:28:25.364Z",
        "dateUpdated": "2025-07-08T19:43:11.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }