CVE-2021-29148 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-29148 PUBLISHED CVSS 6.099999904632568 MEDIUM

A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.

EPSS 0.32% · 54.5th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.32%

54.5th percentile

Affected Products

Vendor	Product	Versions
n/a	Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series	Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001
arubanetworks	aos-cx_firmware	10.04.000, 10.05.0000, 10.06.0000

Timeline

Jul 16, 2021 CVE Published
Jul 23, 2021 EPSS Score
Sep 20, 2021 EPSS Score
Nov 18, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 15, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 13, 2022 EPSS Score
Jul 11, 2022 EPSS Score
Sep 8, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

Open in Interactive Console →