-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2020-007
CVE: CVE-2019-5320, CVE-2019-5321
Publication Date: 2020-Aug-25
Status: Confirmed
Revision: 1

Title
=====

Multiple Vulnerabilities in the Web Management Interface of Aruba Intelligent Edge Switches

Overview
========

Two vulnerabilities exist in the Web Management Interface of Aruba Intelligent Edge Switches. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.

Affected Products
=================

These vulnerabilities affect the following Aruba Intelligent Edge Switches:

- 5400R
- 3810
- 2920
- 2930
- 2530 with GigT Port
- 2530 10/100 Port
- 2540

The following firmware versions of the above products are affected:

- 16.08.* prior to 16.08.0009
- 16.09.* prior to 16.09.0007
- 16.10.*

Details
=======

Unauthorized Remote Web Access (CVE-2019-5321)
---------------------------------------------------------------------

A vulnerability in the Web Management Interface allows an attacker to gain administrative access to the switch. This attack is only possible when a switch administrator is already logged in to the switch's Web Management Interface and is persuaded by the attacker to click on a specially crafted URL.

Internal Reference: ATLCP-87
Severity: High
CVSSv3 Overall Score: 8.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross-Site Scripting (XSS) in WebUI (CVE-2019-5320)
---------------------------------------------------------------------

A vulnerability in the Web Management Interface allows an attacker to inject JavaScript code by sending a specially crafted URL to a switch administrator. This attack is only possible when a switch administrator is already logged in to the switch's Web Management Interface and is persuaded by the attacker to click on a specially crafted URL.

Internal Reference: ATLCP-87
Severity: Medium
CVSSv3 Overall Score: 4.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Resolution
==========

These vulnerabilities are resolved by upgrading to the following firmware versions:

- 16.08.0014
- 16.09.0012
- 16.10.0009

Discovery
=========

Aruba would like to thank the following researchers for discovering and reporting these vulnerabilities: David Cámara Galindo and Andrés Elizalde Galdeano

Workarounds
===========

The vulnerabilities listed above are exploited through network traffic directed to the Web Management Interface (WebUI) of the switch itself; therefore, the following workaround is recommended:

- If updating to the latest version is not possible, disable web management where possible. If you need assistance disabling web management, contact Aruba support.

Exploitation and Public Discussion
==================================

Aruba is not aware of any public discussion or exploit code related to this issue.
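The Affected Products, Resolution and Workarounds sections above give everything an operator needs to triage a fleet: which firmware trains are named, the fixed release on each train, and the fallback of disabling web management. The script below is an added example (it is not Aruba tooling and does not come from this advisory) that applies that logic to a constructed switch inventory. It assumes firmware strings look like an optional two-letter software code followed by major.minor.build (for example "WC.16.08.0009"), and it treats any listed train below its fixed release as needing an upgrade, which is the conservative reading of the Resolution section. The hostnames and software codes in the sample inventory are constructed.

```python
"""Firmware triage helper for ARUBA-PSA-2020-007 (added example, not Aruba tooling).

Classifies each switch against the fixed releases named in the advisory's
Resolution section and suggests the advisory's workaround (disable web
management) where an upgrade has not happened yet.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the Resolution section, keyed by firmware train.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (16, 8): (16, 8, 14),
    (16, 9): (16, 9, 12),
    (16, 10): (16, 10, 9),
}

# Assumed version format: optional two-letter software code prefix
# (e.g. "WC.") followed by major.minor.build with a zero-padded build.
VERSION_RE = re.compile(r"^(?:[A-Z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    """Turn a firmware string such as 'WC.16.08.0009' into (16, 8, 9)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, build = (int(part) for part in m.groups())
    return (major, minor, build)


def classify(version_text: str) -> str:
    """Return 'fixed', 'upgrade', or 'unlisted' for one firmware version.

    'unlisted' means the train (e.g. 16.07) is not named in the advisory,
    so this helper makes no claim about it; review it separately.
    """
    major, minor, build = parse_version(version_text)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return "unlisted"
    return "fixed" if (major, minor, build) >= fixed else "upgrade"


def recommended_action(version_text: str, web_mgmt_enabled: bool) -> str:
    """Map a classification onto the advisory's Resolution and Workarounds."""
    status = classify(version_text)
    if status == "fixed":
        return "none"
    if status == "unlisted":
        return "review"
    # Listed train below its fixed release: upgrade; until then the
    # advisory's workaround is to disable web management if it is on.
    if web_mgmt_enabled:
        return "upgrade; disable web management until patched"
    return "upgrade"


def triage(inventory: List[Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (host, status, action) for every switch in the inventory."""
    rows = []
    for sw in inventory:
        fw = str(sw["firmware"])
        rows.append((str(sw["host"]), classify(fw),
                     recommended_action(fw, bool(sw["web_mgmt"]))))
    return rows


# Constructed sample inventory (hostnames and software codes are made up).
SAMPLE_INVENTORY: List[Dict[str, object]] = [
    {"host": "sw-core-01", "firmware": "KB.16.08.0009", "web_mgmt": True},
    {"host": "sw-edge-07", "firmware": "WC.16.09.0012", "web_mgmt": True},
    {"host": "sw-edge-12", "firmware": "YA.16.10.0005", "web_mgmt": False},
    {"host": "sw-lab-03", "firmware": "WC.16.07.0003", "web_mgmt": True},
]

if __name__ == "__main__":
    for host, status, action in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {status:9} {action}")
```

The comparison is done on integer tuples rather than on the raw strings so that zero-padded builds such as "0009" and "0014" order correctly; a string comparison would also happen to work here, but breaks as soon as a build number gains a digit.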
Revision History
================

Revision 1 / 2020-Aug-25 / Initial Release

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:

//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:

//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company.

This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAl89laMACgkQmP4JykWF
htnTKAf9F8jm/E6gT+ad81ZI3NFQc3e4+nmsqN2Q/gfxKvop9ZiVtxRCVaDBJZdX
nT0LMoTvmRk8AX5e1MTyBm14uJIUrfRzlJRjnRX7j1shyKM5svqbVpwjm6oQLZME
ODjS5kvVzdwhQ8HBVRIvmKPAJWkq7WvNbiU2LnkJhuNTNPy09Tj2RX3V6Ql2Egr4
wCAjTMWn3omAmhNT6a7Bw+OZStACe5iKbPjToSckV0ubA/AdjK1HBj3d4d99OLxL
Bfg+xLolbBvjFpcLgZCOGpB5rb6zEVX8YJuJw2IqB0troCWBAt4NOqUrtt6b61/Y
26qRQUy7eAm77dhxEb31xHQ3KQEUNg==
=XpKl
-----END PGP SIGNATURE-----