CVE-2022-37932
Published: 12 December 2022
Summary
CVE-2022-37932 is a high-severity an unspecified weakness vulnerability in Hpe Officeconnect 1820 J9979A Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches that could be remotely exploited to allow authentication bypass. The affected devices are those running firmware versions prior to PT.02.14, PC.01.22, PO.01.21, or PD.02.22 respectively. The issue carries a CVSS 3.1 base score of 8.8 with an attack vector of adjacent network, low attack complexity, and no required privileges or user interaction, resulting in high impact to confidentiality, integrity, and availability.
An unauthenticated attacker with adjacent-network access can exploit the flaw to bypass authentication controls and obtain full administrative access to the switch. This would enable the attacker to read or modify device configuration and traffic data, disrupt network operations, or use the compromised switch as a pivot point into connected environments.
HPE advisory hpesbnw04383en_us states that the vulnerability is resolved by applying the listed firmware updates for each switch model. The associated EPSS score reached a peak of 0.7962 on 2026-02-03 before receding to its current value of 0.3670, indicating a period of elevated exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-40539
Vulnerability details
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in…
more
Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.