CVE-2022-37932 - Vulnerability Details

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.79616.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches

unaffected

Version	Status	Constraints
`Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9979a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9979a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9982a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9982a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9980a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9980a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9983a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9983a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9981a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9981a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9984a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9984a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\+:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\+:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_2xgt\/spf\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_2xgt\/spf\+:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp_poe\+:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_ppoe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp_ppoe\+:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_48g_4sfp_ppoe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_48g_4sfp_ppoe\+:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_48g_4sfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_48g_4sfp:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_8g_ppoe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_8g_ppoe\+:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_8g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_8g:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Hpe Subscribe	Officeconnect 1820 J9979a Subscribe Officeconnect 1820 J9979a Firmware Subscribe Officeconnect 1820 J9980a Subscribe Officeconnect 1820 J9980a Firmware Subscribe Officeconnect 1820 J9981a Subscribe Officeconnect 1820 J9981a Firmware Subscribe Officeconnect 1820 J9982a Subscribe Officeconnect 1820 J9982a Firmware Subscribe Officeconnect 1820 J9983a Subscribe Officeconnect 1820 J9983a Firmware Subscribe Officeconnect 1820 J9984a Subscribe Officeconnect 1820 J9984a Firmware Subscribe Officeconnect 1850 24g 2xgt Subscribe Officeconnect 1850 24g 2xgt Firmware Subscribe Officeconnect 1850 24g 2xgt Poe\+ Subscribe Officeconnect 1850 24g 2xgt Poe\+ Firmware Subscribe Officeconnect 1850 2xgt\/spf\+ Subscribe Officeconnect 1850 2xgt\/spf\+ Firmware Subscribe Officeconnect 1850 48g 4xgt Subscribe Officeconnect 1850 48g 4xgt Firmware Subscribe Officeconnect 1850 48g 4xgt Poe\+ Subscribe Officeconnect 1850 48g 4xgt Poe\+ Firmware Subscribe Officeconnect 1850 6xgt Subscribe Officeconnect 1850 6xgt Firmware Subscribe Officeconnect 1920s 24g 2sfp Subscribe Officeconnect 1920s 24g 2sfp Firmware Subscribe Officeconnect 1920s 24g 2sfp Poe\+ Subscribe Officeconnect 1920s 24g 2sfp Poe\+ Firmware Subscribe Officeconnect 1920s 24g 2sfp Ppoe\+ Subscribe Officeconnect 1920s 24g 2sfp Ppoe\+ Firmware Subscribe Officeconnect 1920s 48g 4sfp Subscribe Officeconnect 1920s 48g 4sfp Firmware Subscribe Officeconnect 1920s 48g 4sfp Ppoe\+ Subscribe Officeconnect 1920s 48g 4sfp Ppoe\+ Firmware Subscribe Officeconnect 1920s 8g Subscribe Officeconnect 1920s 8g Firmware Subscribe Officeconnect 1920s 8g Ppoe\+ Subscribe Officeconnect 1920s 8g Ppoe\+ Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-40539	A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_us

History

Thu, 24 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-11-30T15:23:14.750Z

Updated: 2025-04-24T18:42:08.233Z

Reserved: 2022-08-08T18:49:44.386Z

Link: CVE-2022-37932

Vulnrichment

Updated: 2024-08-03T10:37:42.568Z

NVD

Status : Modified

Published: 2022-12-12T13:15:14.360

Modified: 2024-11-21T07:15:24.617

Link: CVE-2022-37932

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object