CVE-2020-24637Arubaos vulnerability

3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 33.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosArubanetworks Sd-wan
Timeline
PublishedDec 11
Latest updateMay 24

Description

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.6.0.6+2
NVDarubanetworks/sd-wan2.2.0.02.2.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-c43f-p3rv-7q34: Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot2022-05-24
CVEList
CVE-2020-24637: Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot2020-12-11
CVE-2020-24637 — Arubanetworks Arubaos vulnerability | cvebase