CVE-2021-25155
Summary
| CVE | CVE-2021-25155 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-30 01:15:00 UTC |
| Updated | 2022-04-22 18:20:00 UTC |
| Description | A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Arubanetworks | Instant | All | All | All | All |
| Operating System | Arubanetworks | Instant | All | All | All | All |
| Hardware | Siemens | Scalance W1750d | - | All | All | All |
| Operating System | Siemens | Scalance W1750d Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt | MISC | www.arubanetworks.com | |
| Aruba Instant (IAP) Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf | CONFIRM | cert-portal.siemens.com | |
| Aruba Instant 8.7.1.0 Arbitrary File Modification ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590676 Siemens SCALANCE W1750D (Update B) Multiple Vulnerabilities (ICSA-21-131-14)