CVE-2022-37932
published 2022-12-12CVE-2022-37932: A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability…
PriorityP184critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
2.64%
83.7th percentile
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hpe | officeconnect_1820_j9979a_firmware | < pt.02.14 | pt.02.14 |
| hpe | officeconnect_1820_j9980a_firmware | < pt.02.14 | pt.02.14 |
| hpe | officeconnect_1820_j9981a_firmware | < pt.02.14 | pt.02.14 |
| hpe | officeconnect_1820_j9982a_firmware | < pt.02.14 | pt.02.14 |
| hpe | officeconnect_1820_j9983a_firmware | < pt.02.14 | pt.02.14 |
| hpe | officeconnect_1820_j9984a_firmware | < pt.02.14 | pt.02.14 |
| hpe | officeconnect_1850_24g_2xgt_firmware | < pc.01.22 | pc.01.22 |
| hpe | officeconnect_1850_24g_2xgt_poe_+_firmware | < pc.01.22 | pc.01.22 |
| hpe | officeconnect_1850_2xgt_spf_+_firmware | < po.01.21 | po.01.21 |
| hpe | officeconnect_1850_48g_4xgt_firmware | < pc.01.22 | pc.01.22 |
| hpe | officeconnect_1850_48g_4xgt_poe_+_firmware | < pc.01.22 | pc.01.22 |
| hpe | officeconnect_1850_6xgt_firmware | < po.01.21 | po.01.21 |
| hpe | officeconnect_1920s_24g_2sfp_firmware | < pd.02.22 | pd.02.22 |
| hpe | officeconnect_1920s_24g_2sfp_poe_+_firmware | < pd.02.22 | pd.02.22 |
| hpe | officeconnect_1920s_24g_2sfp_ppoe_+_firmware | < pd.02.22 | pd.02.22 |
| hpe | officeconnect_1920s_48g_4sfp_firmware | < pd.02.22 | pd.02.22 |
| hpe | officeconnect_1920s_48g_4sfp_ppoe_+_firmware | < pd.02.22 | pd.02.22 |
| hpe | officeconnect_1920s_8g_firmware | < pd.02.22 | pd.02.22 |
| hpe | officeconnect_1920s_8g_ppoe_+_firmware | < pd.02.22 | pd.02.22 |
| linux | linux_kernel | >= 0 < 4.4.0-270.304 | 4.4.0-270.304 |
| linux | linux_kernel | >= 0 < 4.15.0-239.251 | 4.15.0-239.251 |
Detection & IOCsextracted from sources · hover to see the quote
url/login/default_password_cfg.lua
url/htdocs/login/default_password_cfg.lua
path/login/default_password_cfg.lua
path/htdocs/login/default_password_cfg.lua
commandusername=admin&oldPwd=&newPwd={{password}}&confirmPwd={{password}}
othershodan: html:"HPE OfficeConnect"
- →Detect exploit attempts by monitoring HTTP POST requests to /login/default_password_cfg.lua or /htdocs/login/default_password_cfg.lua with an empty oldPwd field, indicating an unauthenticated password reset attempt.
- →A successful exploitation response returns HTTP 200 with a JSON body containing a 'redirect' key and Content-Type application/json.
- →Fingerprint vulnerable HPE OfficeConnect 1920S devices by checking for the string 'HPE OfficeConnect Switch 1920' in the HTTP response body of the root path.
- →Use Shodan query html:"HPE OfficeConnect" to identify internet-exposed HPE OfficeConnect switches potentially vulnerable to this authentication bypass.
- ·The vulnerability affects HPE OfficeConnect 1820, 1850, and 1920S switches on firmware versions prior to PT.02.14, PC.01.22, PO.01.21, and PD.02.22 respectively. Devices already patched to these versions are not vulnerable. ↗
- ·The exploit flow requires an initial GET to the root path to confirm the target is an HPE OfficeConnect Switch 1920 before attempting the password reset POST. The bypass only works when oldPwd is left empty (no prior password set).
- ·The attack vector is adjacent network (AV:A), meaning the attacker must be on the same network segment or VLAN as the switch management interface.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
vulncheck8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-kvm vulnerabilities
osv·2025-07-08·CVSS 5.5
CVE-2022-3640 linux-kvm vulnerabilities
linux-kvm vulnerabilities
It was discovered that a use-after-free vulnerability existed in the
Bluetooth stack in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3640)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Network file system (NFS) client;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Bluetooth subsystem;
- Network traffic control;
- USB sound devices;
(CVE-2024-50116, CVE-2021-47576, CVE-2024-53197, CVE-2024-46787,
CVE-2025-37798, CVE-2024-49958, CVE-2021-47260, CVE-2025-37932,
CVE-2022-49909)
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2025-07-08·CVSS 7.8
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- ACPI drivers;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Network traffic control;
- USB sound devices;
(CVE-2025-37932, CVE-2024-53197, CVE-2024-50116, CVE-2021-47379,
CVE-2024-49958, CVE-2022-49179, CVE-2024-46787, CVE-2024-41070,
CVE-2025-38000, CVE-2024-56662, CVE-2022-49176, CVE-2025-37798)
OSV
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
osv·2025-07-08·CVSS 7.8
CVE-2025-37932 linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- ACPI drivers;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Network traffic control;
- USB sound devices;
(CVE-2025-37932, CVE-2024-53197, CVE-2024-50116, CVE-2021-47379,
CVE-2024-49958, CVE-2022-49179, CVE-2024-46787, CVE-2024-41070,
CVE-2025-38000, CVE-2024-56662, CVE-2022-49176, CVE-2025-37798)
OSV
linux-fips vulnerabilities
osv·2025-07-01·CVSS 5.5
CVE-2022-3640 linux-fips vulnerabilities
linux-fips vulnerabilities
It was discovered that a use-after-free vulnerability existed in the
Bluetooth stack in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3640)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Network file system (NFS) client;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Bluetooth subsystem;
- Network traffic control;
- USB sound devices;
(CVE-2024-50116, CVE-2021-47576, CVE-2024-53197, CVE-2024-46787,
CVE-2025-37798, CVE-2024-49958, CVE-2021-47260, CVE-2025-37932,
CVE-2022-49909)
OSV
linux, linux-aws, linux-lts-xenial vulnerabilities
osv·2025-07-01·CVSS 5.5
CVE-2022-3640 linux, linux-aws, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-lts-xenial vulnerabilities
It was discovered that a use-after-free vulnerability existed in the
Bluetooth stack in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3640)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Network file system (NFS) client;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Bluetooth subsystem;
- Network traffic control;
- USB sound devices;
(CVE-2024-50116, CVE-2021-47576, CVE-2024-53197, CVE-2024-46787,
CVE-2025-37798, CVE-2024-49958, CVE-2021-47260, CVE-2025-37932,
CVE-2
GHSA
GHSA-gp8j-jhwq-pp4q: A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches
ghsa_unreviewed·2022-12-12
CVE-2022-37932 [CRITICAL] CWE-287 GHSA-gp8j-jhwq-pp4q: A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
VulnCheck
Hewlett Packard Enterprise OfficeConnect Remote Authentication Bypass Vulnerability
vulncheck·2022·CVSS 8.8
CVE-2022-37932 [HIGH] Hewlett Packard Enterprise OfficeConnect Remote Authentication Bypass Vulnerability
Hewlett Packard Enterprise OfficeConnect Remote Authentication Bypass Vulnerability
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
Affected: hpe officeconnect_1820_j9979a_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net
No detection rules found.
Nuclei
HP Switch - Authentication Bypass
nuclei·CVSS 9.8
CVE-2022-37932 [CRITICAL] HP Switch - Authentication Bypass
HP Switch - Authentication Bypass
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions- Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
Template:
id: CVE-2022-37932
info:
name: HP Switch - Authentication Bypass
author: Phulelouch
severity: high
description: |
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely explo
No writeups or analysis indexed.
2022-12-12
Published
Exploited in the wild