CVE-2020-24637 Information

Jun 07, 2022 cve

Description

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1 2.2.0.0 and below; 6.4.4.23 6.5.4.17 8.2.2.9 8.3.0.13 8.5.0.10 8.6.0.5 8.7.0.0 and below ; 6.4.4.23 6.5.4.17 8.2.2.9 8.3.0.13 8.5.0.10 8.6.0.5 8.7.0.0 and below.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2

Share on: