CVE-2022-37932

high-risk

Published 2022-12-12

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

Do I need to act?

69.7% chance of exploitation in next 30 days

EPSS score — higher than 30% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (19)

Officeconnect 1820 J9979A Firmware

Officeconnect 1820 J9982A Firmware

Officeconnect 1820 J9980A Firmware

Officeconnect 1820 J9983A Firmware

Officeconnect 1820 J9981A Firmware

Officeconnect 1820 J9984A Firmware

Officeconnect 1850 24G 2Xgt Poe\+ Firmware

Officeconnect 1850 24G 2Xgt Firmware

Officeconnect 1850 48G 4Xgt Poe\+ Firmware

Officeconnect 1850 48G 4Xgt Firmware

Officeconnect 1850 6Xgt Firmware

Officeconnect 1850 2Xgt\/Spf\+ Firmware

Officeconnect 1920S 24G 2Sfp Poe\+ Firmware

Officeconnect 1920S 24G 2Sfp Ppoe\+ Firmware

Officeconnect 1920S 24G 2Sfp Firmware

Officeconnect 1920S 48G 4Sfp Ppoe\+ Firmware

Officeconnect 1920S 48G 4Sfp Firmware

Officeconnect 1920S 8G Ppoe\+ Firmware

Officeconnect 1920S 8G Firmware

Affected Vendors

Hpe

References (2)

Vendor Advisory https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...

/ 100

high-risk

Severity 27/34 · High

Exploitability 19/34 · Moderate

Exposure 19/34 · Moderate