CVE-2022-37904

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-123
View all →

Vulnerability Description

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

Related Vulnerabilities

CVE-2021-42540

HIGH
CVSS:8.8(High)

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

CWE-1232021

CVE-2022-41757

HIGH
CVSS:8.8(High)

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already fre...

CWE-1232022

CVE-2020-7560

HIGH
CVSS:8.6(High)

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a c...

CWE-1232020

CVE-2022-1523

CRITICAL
CVSS:9.1(Critical)

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information.

CWE-1232022

CVE-2018-3971

CRITICAL
CVSS:9.3(Critical)

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data ...

CWE-1232018

CVE-2022-35408

HIGH
CVSS:8.2(High)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and esc...

CWE-1232022