CVE-2020-7121 (GCVE-0-2020-7121)
Vulnerability from cvelistv5
Published
2020-09-23 12:36
Modified
2024-08-04 09:18
Severity ?
CWE
  • Multiple Memory Corruption Vulnerabilities in the LLDP Implementation
Summary
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.
References
Impacted products
Vendor Product Version
n/a Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400 Version: Firmware 10.04.3021 and below
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware 10.04.3021 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multiple Memory Corruption Vulnerabilities in the LLDP Implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-23T12:36:57",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2020-7121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba CX Switch Series 6200F, 6300, 6400, 8320, 8325, and 8400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Firmware 10.04.3021 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multiple Memory Corruption Vulnerabilities in the LLDP Implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2020-7121",
    "datePublished": "2020-09-23T12:36:57",
    "dateReserved": "2020-01-16T00:00:00",
    "dateUpdated": "2024-08-04T09:18:03.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7121\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2020-09-23T13:15:16.030\",\"lastModified\":\"2024-11-21T05:36:39.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.\"},{\"lang\":\"es\",\"value\":\"Se han encontrado dos vulnerabilidades de corrupci\u00f3n de memoria en Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325 y 8400.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades podr\u00eda resultar en la Denegaci\u00f3n de Servicio Local del proceso LLDP (Link Layer Discovery Protocol) en el switch.\u0026#xa0;Esto aplica a las versiones de firmware anteriores a 10.04.3021\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.3021\",\"matchCriteriaId\":\"A77C7E5B-3EAB-4A52-99CF-D2C07B1EA823\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_6200f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB3993F-B4A6-4016-AF0F-82A23FE34063\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.3021\",\"matchCriteriaId\":\"81F5C8F4-D85F-42C9-96F7-CD91DAA94FF0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C32F7E4-E184-4F76-8638-017DF29D2FFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.3021\",\"matchCriteriaId\":\"C4BC17A7-2155-4A01-837B-05992EABD0D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_6400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A013EAE-387B-4C35-9D8F-E2200081E18E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.3021\",\"matchCriteriaId\":\"0123075E-D9A9-46F4-B857-A05ABBED38B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_8320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C93CD9C-1FD4-4E4A-9E3A-8FF19DE0D3AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.3021\",\"matchCriteriaId\":\"D88D164C-70ED-48F4-BF0D-595A27F81B12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_8325:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9645D616-077B-4313-B5EF-155B642CB073\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.04.3021\",\"matchCriteriaId\":\"0504A5A3-A49A-4DEA-9B26-85CD6545932B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arubanetworks:cx_8400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4FB7A6B-69C5-45EF-BE61-23BCF5172836\"}]}]}],\"references\":[{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.