CVE-2022-37932

Hewlett Packard Enterprise OfficeConnect 1820 Authentication Bypass Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

Se ha identificado una posible vulnerabilidad de seguridad en los conmutadores de red Hewlett Packard Enterprise OfficeConnect 1820, 1850 y 1920S. La vulnerabilidad podría explotarse de forma remota para permitir omitir la autenticación. HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad en las versiones de los conmutadores de red Hewlett Packard Enterprise OfficeConnect 1820, 1850 y 1920S: anteriores a PT.02.14; Antes de PC.01.22; Antes de PO.01.21; Antes del PD.02.22;

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OfficeConnect 1820 switches. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the default_password_cfg.lua endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system and execute code in the context of root.

*Credits: Fernando Munoz

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-08 CVE Reserved
2022-11-21 CVE Published
2024-08-03 CVE Updated
2024-08-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_us	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hpe Search vendor "Hpe"	Officeconnect 1820 J9979a Firmware Search vendor "Hpe" for product "Officeconnect 1820 J9979a Firmware"	< pt.02.14 Search vendor "Hpe" for product "Officeconnect 1820 J9979a Firmware" and version " < pt.02.14"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1820 J9979a Search vendor "Hpe" for product "Officeconnect 1820 J9979a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1820 J9982a Firmware Search vendor "Hpe" for product "Officeconnect 1820 J9982a Firmware"	< pt.02.14 Search vendor "Hpe" for product "Officeconnect 1820 J9982a Firmware" and version " < pt.02.14"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1820 J9982a Search vendor "Hpe" for product "Officeconnect 1820 J9982a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1820 J9980a Firmware Search vendor "Hpe" for product "Officeconnect 1820 J9980a Firmware"	< pt.02.14 Search vendor "Hpe" for product "Officeconnect 1820 J9980a Firmware" and version " < pt.02.14"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1820 J9980a Search vendor "Hpe" for product "Officeconnect 1820 J9980a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1820 J9983a Firmware Search vendor "Hpe" for product "Officeconnect 1820 J9983a Firmware"	< pt.02.14 Search vendor "Hpe" for product "Officeconnect 1820 J9983a Firmware" and version " < pt.02.14"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1820 J9983a Search vendor "Hpe" for product "Officeconnect 1820 J9983a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1820 J9981a Firmware Search vendor "Hpe" for product "Officeconnect 1820 J9981a Firmware"	< pt.02.14 Search vendor "Hpe" for product "Officeconnect 1820 J9981a Firmware" and version " < pt.02.14"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1820 J9981a Search vendor "Hpe" for product "Officeconnect 1820 J9981a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1820 J9984a Firmware Search vendor "Hpe" for product "Officeconnect 1820 J9984a Firmware"	< pt.02.14 Search vendor "Hpe" for product "Officeconnect 1820 J9984a Firmware" and version " < pt.02.14"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1820 J9984a Search vendor "Hpe" for product "Officeconnect 1820 J9984a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Poe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Poe\+ Firmware"	< pc.01.22 Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Poe\+ Firmware" and version " < pc.01.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Poe\+ Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Poe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Firmware Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Firmware"	< pc.01.22 Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Firmware" and version " < pc.01.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Poe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Poe\+ Firmware"	< pc.01.22 Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Poe\+ Firmware" and version " < pc.01.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Poe\+ Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Poe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Firmware Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Firmware"	< pc.01.22 Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Firmware" and version " < pc.01.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 6xgt Firmware Search vendor "Hpe" for product "Officeconnect 1850 6xgt Firmware"	< po.01.21 Search vendor "Hpe" for product "Officeconnect 1850 6xgt Firmware" and version " < po.01.21"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 6xgt Search vendor "Hpe" for product "Officeconnect 1850 6xgt"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 2xgt\/spf\+ Firmware Search vendor "Hpe" for product "Officeconnect 1850 2xgt\/spf\+ Firmware"	< po.01.21 Search vendor "Hpe" for product "Officeconnect 1850 2xgt\/spf\+ Firmware" and version " < po.01.21"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 2xgt\/spf\+ Search vendor "Hpe" for product "Officeconnect 1850 2xgt\/spf\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 24g 2sfp Poe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Poe\+ Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Poe\+ Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 24g 2sfp Poe\+ Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Poe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 24g 2sfp Ppoe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Ppoe\+ Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Ppoe\+ Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 24g 2sfp Ppoe\+ Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Ppoe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 24g 2sfp Firmware Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 24g 2sfp Search vendor "Hpe" for product "Officeconnect 1920s 24g 2sfp"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 48g 4sfp Ppoe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1920s 48g 4sfp Ppoe\+ Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 48g 4sfp Ppoe\+ Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 48g 4sfp Ppoe\+ Search vendor "Hpe" for product "Officeconnect 1920s 48g 4sfp Ppoe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 48g 4sfp Firmware Search vendor "Hpe" for product "Officeconnect 1920s 48g 4sfp Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 48g 4sfp Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 48g 4sfp Search vendor "Hpe" for product "Officeconnect 1920s 48g 4sfp"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 8g Ppoe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1920s 8g Ppoe\+ Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 8g Ppoe\+ Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 8g Ppoe\+ Search vendor "Hpe" for product "Officeconnect 1920s 8g Ppoe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1920s 8g Firmware Search vendor "Hpe" for product "Officeconnect 1920s 8g Firmware"	< pd.02.22 Search vendor "Hpe" for product "Officeconnect 1920s 8g Firmware" and version " < pd.02.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1920s 8g Search vendor "Hpe" for product "Officeconnect 1920s 8g"	-	-	Safe