CVE-2021-25141

Description

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

4.4

CVSS

Severity: Medium

CVSS 3.1 •

CVSS 2.0 •

EPSS 0.13%

Third-Party Advisory hpe.com

Affected: n/a Aruba 5400R zl2 Switch Series; Aruba 2930F Switch Series; Aruba 2920 Switch Series; Aruba 2930M Switch Series; Aruba 2530 Switch Series; Aruba 2540 Switch Series; Aruba 3800 Switch Series; HPE 3500 and 3500 yl Switch Series; Aruba 3810M Switch Series; HPE 8200 zl Switch Series; Aruba 2620 Switch Series; Aruba 5400 zl Switch Series; HPE 6200 yl Switch Series

References

Link	Tags
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us	third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-25141?: CVE-2021-25141 has been scored as a medium severity vulnerability.
How to fix CVE-2021-25141?: To fix CVE-2021-25141, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-25141 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-25141 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-25141?: CVE-2021-25141 affects n/a Aruba 5400R zl2 Switch Series; Aruba 2930F Switch Series; Aruba 2920 Switch Series; Aruba 2930M Switch Series; Aruba 2530 Switch Series; Aruba 2540 Switch Series; Aruba 3800 Switch Series; HPE 3500 and 3500 yl Switch Series; Aruba 3810M Switch Series; HPE 8200 zl Switch Series; Aruba 2620 Switch Series; Aruba 5400 zl Switch Series; HPE 6200 yl Switch Series.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.