CVE-2021-29149 — Vulnetix

CVE-2021-29149 PUBLISHED CVSS 6.199999809265137 MEDIUM

A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.

EPSS 0.06% · 17.8th percentile

Risk Scores

CVSS 3.1

6.199999809265137

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.06%

17.8th percentile

Affected Products

Vendor	Product	Versions
n/a	Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series	Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001
arubanetworks	aos-cx_firmware	10.04.000, 10.05.0000, 10.06.0000

Exploit Intelligence

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt (circl)

Timeline

Jul 22, 2021 CVE Published
Jul 23, 2021 EPSS Score
Sep 20, 2021 EPSS Score
Nov 19, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 17, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 16, 2022 EPSS Score
Jul 15, 2022 EPSS Score
Sep 12, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Jan 9, 2023 EPSS Score

References

Open in Interactive Console →