CVE-2022-37932

CRITICAL | CVSS 9.8/10 | EPSS 2.64%

CVE-2022-37932 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. EPSS estimates a 2.64% chance of exploitation in the next 30 days.

Description

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made software updates available to resolve the vulnerability. Affected Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switch firmware versions: prior to PT.02.14; prior to PC.01.22; prior to PO.01.21; prior to PD.02.22.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.64%

83.6th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|--------|---------|----------|
| HPE | Officeconnect 1820 J9979a Firmware | < pt.02.14 |
| HPE | Officeconnect 1820 J9982a Firmware | < pt.02.14 |
| HPE | Officeconnect 1820 J9980a Firmware | < pt.02.14 |
| HPE | Officeconnect 1820 J9983a Firmware | < pt.02.14 |
| HPE | Officeconnect 1820 J9981a Firmware | < pt.02.14 |
| HPE | Officeconnect 1820 J9984a Firmware | < pt.02.14 |
| HPE | Officeconnect 1850 24g 2xgt Poe+ Firmware | < pc.01.22 |
| HPE | Officeconnect 1850 24g 2xgt Firmware | < pc.01.22 |
| HPE | Officeconnect 1850 48g 4xgt Poe+ Firmware | < pc.01.22 |
| HPE | Officeconnect 1850 48g 4xgt Firmware | < pc.01.22 |
| HPE | Officeconnect 1850 6xgt Firmware | < po.01.21 |
| HPE | Officeconnect 1850 2xgt/Spf+ Firmware | < po.01.21 |
| HPE | Officeconnect 1920s 24g 2sfp Poe+ Firmware | < pd.02.22 |
| HPE | Officeconnect 1920s 24g 2sfp Ppoe+ Firmware | < pd.02.22 |
| HPE | Officeconnect 1920s 24g 2sfp Firmware | < pd.02.22 |
| HPE | Officeconnect 1920s 48g 4sfp Ppoe+ Firmware | < pd.02.22 |
| HPE | Officeconnect 1920s 48g 4sfp Firmware | < pd.02.22 |
| HPE | Officeconnect 1920s 8g Ppoe+ Firmware | < pd.02.22 |
| HPE | Officeconnect 1920s 8g Firmware | < pd.02.22 |

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2022-37932?
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made software updates available to resolve the vulnerability. Affected Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switch firmware versions: prior to PT.02.14; prior to PC.01.22; prior to PO.01.21; prior to PD.02.22.
How severe is CVE-2022-37932?
CVE-2022-37932 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.64% probability of exploitation in the next 30 days.
How do I fix CVE-2022-37932?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST