CVE-2020-7121 - OpenCVE

Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Arubanetworks	Cx 8325 Cx 6300 Cx 8320 Firmware Cx 6200f Firmware Cx 6200f Cx 6400 Cx 8320 Cx 6300 Firmware Cx 6400 Firmware Cx 8325 Firmware Cx 8400 Firmware Cx 8400

Configuration 1 [-]

AND

cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2020-09-23T12:36:57

Updated: 2020-09-23T12:36:57

Reserved: 2020-01-16T00:00:00

Link: CVE-2020-7121

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-23T13:15:16.030

Modified: 2023-12-28T19:02:53.863

Link: CVE-2020-7121

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400", "vendor": "n/a", "versions": [{"status": "affected", "version": "Firmware 10.04.3021 and below"}]}], "descriptions": [{"lang": "en", "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021."}], "problemTypes": [{"descriptions": [{"description": "Multiple Memory Corruption Vulnerabilities in the LLDP Implementation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-23T12:36:57", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-7121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400", "version": {"version_data": [{"version_value": "Firmware 10.04.3021 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Multiple Memory Corruption Vulnerabilities in the LLDP Implementation"}]}]}, "references": {"reference_data": [{"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-7121", "datePublished": "2020-09-23T12:36:57", "dateReserved": "2020-01-16T00:00:00", "dateUpdated": "2020-09-23T12:36:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A77C7E5B-3EAB-4A52-99CF-D2C07B1EA823", "versionEndIncluding": "10.04.3021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CB3993F-B4A6-4016-AF0F-82A23FE34063", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81F5C8F4-D85F-42C9-96F7-CD91DAA94FF0", "versionEndIncluding": "10.04.3021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C32F7E4-E184-4F76-8638-017DF29D2FFB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4BC17A7-2155-4A01-837B-05992EABD0D1", "versionEndIncluding": "10.04.3021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A013EAE-387B-4C35-9D8F-E2200081E18E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0123075E-D9A9-46F4-B857-A05ABBED38B5", "versionEndIncluding": "10.04.3021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D88D164C-70ED-48F4-BF0D-595A27F81B12", "versionEndIncluding": "10.04.3021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*", "matchCriteriaId": "9645D616-077B-4313-B5EF-155B642CB073", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0504A5A3-A49A-4DEA-9B26-85CD6545932B", "versionEndIncluding": "10.04.3021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4FB7A6B-69C5-45EF-BE61-23BCF5172836", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021."}, {"lang": "es", "value": "Se han encontrado dos vulnerabilidades de corrupci\u00f3n de memoria en Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325 y 8400. Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades podr\u00eda resultar en la Denegaci\u00f3n de Servicio Local del proceso LLDP (Link Layer Discovery Protocol) en el switch. Esto aplica a las versiones de firmware anteriores a 10.04.3021"}], "id": "CVE-2020-7121", "lastModified": "2023-12-28T19:02:53.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-23T13:15:16.030", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}