CVE-2020-24637
Last modified
CVE-2020-24637 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.. EPSS estimates a 1.55% chance of exploitation in the next 30 days.
Description
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Arubaos | < 8.5.0.11 |
| Arubanetworks | Arubaos | >= 8.6.0.0, < 8.6.0.6 |
| Arubanetworks | Arubaos | >= 8.7.0.0, < 8.7.1.0 |
| Arubanetworks | Sd-Wan | < 2.1.0.2 |
| Arubanetworks | Sd-Wan | >= 2.2.0.0, < 2.2.0.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-24637?
How severe is CVE-2020-24637?
How do I fix CVE-2020-24637?
Are you affected by CVE-2020-24637?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST