CVE-2022-37932 - Vulnerability Details

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.7439.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hpe	Officeconnect 1820 J9979a Officeconnect 1820 J9979a Firmware Officeconnect 1820 J9980a Officeconnect 1820 J9980a Firmware Officeconnect 1820 J9981a Officeconnect 1820 J9981a Firmware Officeconnect 1820 J9982a Officeconnect 1820 J9982a Firmware Officeconnect 1820 J9983a Officeconnect 1820 J9983a Firmware Officeconnect 1820 J9984a Officeconnect 1820 J9984a Firmware Officeconnect 1850 24g 2xgt Officeconnect 1850 24g 2xgt Firmware Officeconnect 1850 24g 2xgt Poe\+ Officeconnect 1850 24g 2xgt Poe\+ Firmware Officeconnect 1850 2xgt\/spf\+ Officeconnect 1850 2xgt\/spf\+ Firmware Officeconnect 1850 48g 4xgt Officeconnect 1850 48g 4xgt Firmware Officeconnect 1850 48g 4xgt Poe\+ Officeconnect 1850 48g 4xgt Poe\+ Firmware Officeconnect 1850 6xgt Officeconnect 1850 6xgt Firmware Officeconnect 1920s 24g 2sfp Officeconnect 1920s 24g 2sfp Firmware Officeconnect 1920s 24g 2sfp Poe\+ Officeconnect 1920s 24g 2sfp Poe\+ Firmware Officeconnect 1920s 24g 2sfp Ppoe\+ Officeconnect 1920s 24g 2sfp Ppoe\+ Firmware Officeconnect 1920s 48g 4sfp Officeconnect 1920s 48g 4sfp Firmware Officeconnect 1920s 48g 4sfp Ppoe\+ Officeconnect 1920s 48g 4sfp Ppoe\+ Firmware Officeconnect 1920s 8g Officeconnect 1920s 8g Firmware Officeconnect 1920s 8g Ppoe\+ Officeconnect 1920s 8g Ppoe\+ Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9979a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9979a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9982a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9982a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9980a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9980a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9983a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9983a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9981a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9981a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hpe:officeconnect_1820_j9984a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1820_j9984a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\+:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\+:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_2xgt\/spf\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_2xgt\/spf\+:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp_poe\+:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_ppoe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp_ppoe\+:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_24g_2sfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_24g_2sfp:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_48g_4sfp_ppoe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_48g_4sfp_ppoe\+:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_48g_4sfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_48g_4sfp:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_8g_ppoe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_8g_ppoe\+:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hpe:officeconnect_1920s_8g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1920s_8g:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-40539	A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04383en_us

History

Thu, 24 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-11-30T15:23:14.750Z

Updated: 2025-04-24T18:42:08.233Z

Reserved: 2022-08-08T18:49:44.386Z

Link: CVE-2022-37932

Vulnrichment

Updated: 2024-08-03T10:37:42.568Z

NVD

Status : Modified

Published: 2022-12-12T13:15:14.360

Modified: 2024-11-21T07:15:24.617

Link: CVE-2022-37932

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object