Vulnerability Details : CVE-2021-29149
A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
Products affected by CVE-2021-29149
- Arubanetworks » Aos-cx FirmwareVersions from including (>=) 10.06.0000 and up to, including, (<=) 10.06.0110cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*
- Arubanetworks » Aos-cx FirmwareVersions from including (>=) 10.07.0000 and up to, including, (<=) 10.07.0001cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:arubanetworks:aos-cx_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-29149
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-29149
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
6.2
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.3
|
5.9
|
NIST |
References for CVE-2021-29149
-
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-013.txt
Patch;Vendor Advisory
Jump to