CVE-2022-37934

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Se ha identificado una posible vulnerabilidad de seguridad en las series de conmutadores HPE OfficeConnect 1820 y 1850. La vulnerabilidad podría explotarse de forma remota para permitir el directory traversal de manera remota en la versión PT.02.17 y anteriores de la serie de conmutadores HPE OfficeConnect 1820, la versión PC.01.23 y posteriores de la serie de conmutadores HPE OfficeConnect 1850 y la versión PO.01.22 y PO.01.22 de la serie de conmutadores HPE OfficeConnect 1850 (agregador 10G). abajo.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-08 CVE Reserved
2023-01-03 CVE Published
2024-08-03 CVE Updated
2024-08-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"	Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware Search vendor "Hp" for product "Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware"	< pt.02.17 Search vendor "Hp" for product "Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware" and version " < pt.02.17"	-	Affected	in	Hp Search vendor "Hp"	Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Search vendor "Hp" for product "Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a"	-	-	Safe
Hp Search vendor "Hp"	Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a Firmware Search vendor "Hp" for product "Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a Firmware"	< pt.02.17 Search vendor "Hp" for product "Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a Firmware" and version " < pt.02.17"	-	Affected	in	Hp Search vendor "Hp"	Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a Search vendor "Hp" for product "Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a"	-	-	Safe
Hp Search vendor "Hp"	Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a Firmware Search vendor "Hp" for product "Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a Firmware"	< pt.02.17 Search vendor "Hp" for product "Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a Firmware" and version " < pt.02.17"	-	Affected	in	Hp Search vendor "Hp"	Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a Search vendor "Hp" for product "Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a"	-	-	Safe
Hp Search vendor "Hp"	Officeconnect 1820 8g Switch J9979a Firmware Search vendor "Hp" for product "Officeconnect 1820 8g Switch J9979a Firmware"	< pt.02.17 Search vendor "Hp" for product "Officeconnect 1820 8g Switch J9979a Firmware" and version " < pt.02.17"	-	Affected	in	Hp Search vendor "Hp"	Officeconnect 1820 8g Switch J9979a Search vendor "Hp" for product "Officeconnect 1820 8g Switch J9979a"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Firmware Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Firmware"	< pc.01.23 Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Firmware" and version " < pc.01.23"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Poe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Poe\+ Firmware"	< pc.01.23 Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Poe\+ Firmware" and version " < pc.01.23"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 24g 2xgt Poe\+ Search vendor "Hpe" for product "Officeconnect 1850 24g 2xgt Poe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 2xgt\/spf\+ Firmware Search vendor "Hpe" for product "Officeconnect 1850 2xgt\/spf\+ Firmware"	< po.01.22 Search vendor "Hpe" for product "Officeconnect 1850 2xgt\/spf\+ Firmware" and version " < po.01.22"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 2xgt\/spf\+ Search vendor "Hpe" for product "Officeconnect 1850 2xgt\/spf\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Firmware Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Firmware"	< pc.01.23 Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Firmware" and version " < pc.01.23"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Poe\+ Firmware Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Poe\+ Firmware"	< pc.01.23 Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Poe\+ Firmware" and version " < pc.01.23"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 48g 4xgt Poe\+ Search vendor "Hpe" for product "Officeconnect 1850 48g 4xgt Poe\+"	-	-	Safe
Hpe Search vendor "Hpe"	Officeconnect 1850 6xgt Firmware Search vendor "Hpe" for product "Officeconnect 1850 6xgt Firmware"	< pc.01.23 Search vendor "Hpe" for product "Officeconnect 1850 6xgt Firmware" and version " < pc.01.23"	-	Affected	in	Hpe Search vendor "Hpe"	Officeconnect 1850 6xgt Search vendor "Hpe" for product "Officeconnect 1850 6xgt"	-	-	Safe