Vulnerabilities > CVE-2020-7121 - Out-of-bounds Write vulnerability in Arubanetworks products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

arubanetworks

CWE-787

NVD

Published: 2020-09-23

Updated: 2023-12-28

Summary

Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.

Vulnerable Configurations

Part	Description	Count
OS	Arubanetworks Arubanetworks CX 6200F Firmware 10.04.1000 Arubanetworks CX 6200F Firmware 10.04.3021 Arubanetworks CX 6300 Firmware 10.04.1000 Arubanetworks CX 6300 Firmware 10.04.3021 Arubanetworks CX 6400 Firmware 10.04.1000 Arubanetworks CX 6400 Firmware 10.04.3021 Arubanetworks CX 8320 Firmware 10.04.1000 Arubanetworks CX 8320 Firmware 10.04.3021 Arubanetworks CX 8325 Firmware 10.04.1000 Arubanetworks CX 8325 Firmware 10.04.3021 Arubanetworks CX 8400 Firmware 10.04.1000 Arubanetworks CX 8400 Firmware 10.04.3021	12
Hardware	Arubanetworks Arubanetworks CX 6200F - Arubanetworks CX 6300 - Arubanetworks CX 6400 - Arubanetworks CX 8320 - Arubanetworks CX 8325 - Arubanetworks CX 8400 -	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-009.txt