VAR-202101-0202
Vulnerability from variot - Updated: 2024-11-23 22:25There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. AirWave Glass Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HPE Aruba Airwave Glass is a smart glasses device from HPE.
HPE Aruba Airwave Glass 1.3.3 has an input verification error vulnerability before 1.3.3. The vulnerability is due to insufficient input verification
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airwave glass",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "1.3.3"
},
{
"model": "airwave glass",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "airwave glass",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30eb\u30d0\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "1.3.3"
},
{
"model": "aruba airwave glass",
"scope": "lt",
"trust": 0.6,
"vendor": "hpe",
"version": "1.3.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"cve": "CVE-2020-24640",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-24640",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-19699",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-24640",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24640",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24640",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-24640",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-19699",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1291",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
},
{
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. AirWave Glass Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HPE Aruba Airwave Glass is a smart glasses device from HPE. \n\r\n\r\nHPE Aruba Airwave Glass 1.3.3 has an input verification error vulnerability before 1.3.3. The vulnerability is due to insufficient input verification",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24640"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "CNVD",
"id": "CNVD-2021-19699"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24640",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-19699",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
},
{
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"id": "VAR-202101-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
}
]
},
"last_update_date": "2024-11-23T22:25:13.256000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2021-001",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt"
},
{
"title": "Patch for HPE Aruba Airwave Glass input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/254116"
},
{
"title": "HPE Aruba Airwave Glass Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139723"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24640"
},
{
"trust": 1.6,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2021-001.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
},
{
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
},
{
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"date": "2021-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"date": "2021-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1291"
},
{
"date": "2021-01-15T19:15:13.657000",
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"date": "2021-09-22T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2020-015427"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1291"
},
{
"date": "2024-11-21T05:15:19.033000",
"db": "NVD",
"id": "CVE-2020-24640"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE Aruba Airwave Glass input validation error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-19699"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1291"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…