// For flags

CVE-2020-24641

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.

En Aruba AirWave Glass versiones anteriores a 1.3.3, Se presenta una vulnerabilidad de tipo Server-Side Request Forgery por medio de un endpoint no autenticado que, si se explotaba con éxito, puede resultar en una divulgación de información confidencial. Esto puede ser usado para llevar a cabo una omisión de autenticación y, en última instancia, conseguir acceso administrativo en la interfaz web administrativa

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-25 CVE Reserved
  • 2021-01-15 CVE Published
  • 2023-10-01 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
  • CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt 2021-07-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arubanetworks
Search vendor "Arubanetworks"
 Airwave Glass
Search vendor "Arubanetworks" for product "Airwave Glass"
 < 1.3.3
Search vendor "Arubanetworks" for product "Airwave Glass" and version " < 1.3.3"
-
Affected