Cyber Resilience

CVE-2022-37934

Medium

Published: 05 January 2023

Modified: 10 April 2025
KEV Added
Patch
CVSS Score v3.1: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0056 (68.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-37934 is a medium-severity Path Traversal (CWE-22) vulnerability in HP OfficeConnect 1820 24G PoE+ (185W) Switch J9983A firmware. Its CVSS base score is 6.8 (Medium).

Operationally, it ranks in the top 31.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A potential security vulnerability has been identified in HPE OfficeConnect 1820 and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

hp · officeconnect 1820 24g poe+ (185w) switch j9983a firmware · ≤ pt.02.17
hp · officeconnect 1820 48g poe+ (370w) switch j9984a firmware · ≤ pt.02.17
hp · officeconnect 1820 8g poe+ (65w) switch j9982a firmware · ≤ pt.02.17
hp · officeconnect 1820 8g switch j9979a firmware · ≤ pt.02.17
hpe · officeconnect 1850 24g 2xgt firmware · ≤ pc.01.23
hpe · officeconnect 1850 24g 2xgt poe+ firmware · ≤ pc.01.23
hpe · officeconnect 1850 2xgt/spf+ firmware · ≤ po.01.22
hpe · officeconnect 1850 48g 4xgt firmware · ≤ pc.01.23
hpe · officeconnect 1850 48g 4xgt poe+ firmware · ≤ pc.01.23
hpe · officeconnect 1850 6xgt firmware · ≤ pc.01.23

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
