CVE-2020-24637

Published on: 12/10/2020 12:00:00 AM UTC

Last Modified on: 11/18/2021 06:17:00 PM UTC

CVE-2020-24637

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Certain versions of 7005 from Arubanetworks contain the following vulnerability:

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

CVE-2020-24637 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.2 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	HIGH	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVSS2 Score: 9 - HIGH

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	LOW	SINGLE
Confidentiality Impact	Integrity Impact	Availability Impact
COMPLETE	COMPLETE	COMPLETE

CVE References

Description	Tags ^ⓘ	Link
Document Display \| HPE Support Center	Vendor Advisory support.hpe.com text/html	CONFIRM support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

43816 HPE Aruba OS Multiple Security Vulnerabilities (ARUBA-PSA-2020-012)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Arubanetworks	7005	-	All	All	All
Hardware	Arubanetworks	7005	-	All	All	All
Hardware	Arubanetworks	7008	-	All	All	All
Hardware	Arubanetworks	7008	-	All	All	All
Hardware	Arubanetworks	7010	-	All	All	All
Hardware	Arubanetworks	7010	-	All	All	All
Hardware	Arubanetworks	7024	-	All	All	All
Hardware	Arubanetworks	7024	-	All	All	All
Hardware	Arubanetworks	7030	-	All	All	All
Hardware	Arubanetworks	7030	-	All	All	All
Hardware	Arubanetworks	7205	-	All	All	All
Hardware	Arubanetworks	7205	-	All	All	All
Hardware	Arubanetworks	7210	-	All	All	All
Hardware	Arubanetworks	7210	-	All	All	All
Hardware	Arubanetworks	7220	-	All	All	All
Hardware	Arubanetworks	7220	-	All	All	All
Hardware	Arubanetworks	7240xm	-	All	All	All
Hardware	Arubanetworks	7240xm	-	All	All	All
Hardware	Arubanetworks	7280	-	All	All	All
Hardware	Arubanetworks	7280	-	All	All	All
Hardware	Arubanetworks	9004	-	All	All	All
Hardware	Arubanetworks	9004	-	All	All	All
Hardware	Arubanetworks	9004-lte	-	All	All	All
Hardware	Arubanetworks	9004-lte	-	All	All	All
Hardware	Arubanetworks	9012	-	All	All	All
Hardware	Arubanetworks	9012	-	All	All	All
Operating System	Arubanetworks	Arubaos	All	All	All	All
Operating System	Arubanetworks	Arubaos	All	All	All	All
Application	Arubanetworks	Sd-wan	All	All	All	All
Operating System	Arubanetworks	Sd-wan	All	All	All	All
Operating System	Arubanetworks	Sd-wan	All	All	All	All

cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*:
cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*:
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*:
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*:
cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*:
cpe:2.3:o:arubanetworks:sd-wan:*:*:*:*:*:*:*:*:
cpe:2.3:o:arubanetworks:sd-wan:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)