Cyber Resilience

CVE-2021-25141

Medium

Published: 09 February 2021

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-25141 is a medium-severity vulnerability, with an unspecified weakness type, in Arubanetworks Aruba 5406R Zl2 Firmware. Its CVSS base score is 4.4 (Medium).

Operationally, it is ranked at the 31.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user-supplied information to the switch's management interface has been identified.

The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
arubanetworks | aruba 5406r zl2 firmware | ≤ kb.16.10.0012
arubanetworks | aruba 5412r zl2 firmware | ≤ kb.16.10.0012
arubanetworks | aruba 3810m firmware | ≤ kb.16.10.0012
arubanetworks | aruba 2930m firmware | ≤ wc.16.10.0012
arubanetworks | aruba 2930f firmware | ≤ wc.16.10.0012
arubanetworks | aruba 2920 firmware | ≤ wb.16.10.0011
arubanetworks | aruba 2540 firmware | ≤ yc.16.10.0012
arubanetworks | aruba 2530ya firmware | ≤ ya.16.10.0012
arubanetworks | aruba 3800 firmware | ≤ ka.16.04.0022
arubanetworks | aruba 2620 firmware | ≤ ra.16.04.0022
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References