cbcvebase.
CVE-2019-5320
published 2020-08-26

CVE-2019-5320: Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007…

PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.77%
50.9th percentile
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.

Affected

18 ranges
VendorProductVersion rangeFixed in
arubanetworks2530_firmware>= 16.08.0 < 16.08.000916.08.0009
arubanetworks2530_firmware>= 16.09.0 < 16.09.000716.09.0007
arubanetworks2530_firmware>= 16.10.0 < 16.10.000316.10.0003
arubanetworks2540_firmware>= 16.08.0 < 16.08.000916.08.0009
arubanetworks2540_firmware>= 16.09.0 < 16.09.000716.09.0007
arubanetworks2540_firmware>= 16.10.0 < 16.10.000316.10.0003
arubanetworks2920_firmware>= 16.08.0 < 16.08.000916.08.0009
arubanetworks2920_firmware>= 16.09.0 < 16.09.000716.09.0007
arubanetworks2920_firmware>= 16.10.0 < 16.10.000316.10.0003
arubanetworks2930_firmware>= 16.08.0 < 16.08.000916.08.0009
arubanetworks2930_firmware>= 16.09.0 < 16.09.000716.09.0007
arubanetworks2930_firmware>= 16.10.0 < 16.10.000316.10.0003
arubanetworks3810_firmware>= 16.08.0 < 16.08.000916.08.0009
arubanetworks3810_firmware>= 16.09.0 < 16.09.000716.09.0007
arubanetworks3810_firmware>= 16.10.0 < 16.10.000316.10.0003
arubanetworks5400r_firmware>= 16.08.0 < 16.08.000916.08.0009
arubanetworks5400r_firmware>= 16.09.0 < 16.09.000716.09.0007
arubanetworks5400r_firmware>= 16.10.0 < 16.10.000316.10.0003

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.