CVE-2022-37934 - Vulnerability Details

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00562.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise (HPE)

HPE OfficeConnect 1820 and 1850 Switch Series

unaffected

Version	Status	Constraints
`Prior to PT.02.17; Prior to PC.01.23; Prior to PO.01.22`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:officeconnect_1820_8g_switch_j9979a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1820_8g_switch_j9979a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_24g_2xgt_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_24g_2xgt_poe\+:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_2xgt\/spf\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_2xgt\/spf\+:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_48g_4xgt_poe\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_48g_4xgt_poe\+:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hpe:officeconnect_1850_6xgt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:officeconnect_1850_6xgt:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Hp Subscribe	Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Subscribe Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware Subscribe Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a Subscribe Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a Firmware Subscribe Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a Subscribe Officeconnect 1820 8g Poe\+ \(65w\) Switch J9982a Firmware Subscribe Officeconnect 1820 8g Switch J9979a Subscribe Officeconnect 1820 8g Switch J9979a Firmware Subscribe
Hpe Subscribe	Officeconnect 1850 24g 2xgt Subscribe Officeconnect 1850 24g 2xgt Firmware Subscribe Officeconnect 1850 24g 2xgt Poe\+ Subscribe Officeconnect 1850 24g 2xgt Poe\+ Firmware Subscribe Officeconnect 1850 2xgt\/spf\+ Subscribe Officeconnect 1850 2xgt\/spf\+ Firmware Subscribe Officeconnect 1850 48g 4xgt Subscribe Officeconnect 1850 48g 4xgt Firmware Subscribe Officeconnect 1850 48g 4xgt Poe\+ Subscribe Officeconnect 1850 48g 4xgt Poe\+ Firmware Subscribe Officeconnect 1850 6xgt Subscribe Officeconnect 1850 6xgt Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-40541	A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04401en_us

History

Thu, 10 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-01-03T18:33:15.954Z

Updated: 2025-04-10T15:42:45.470Z

Reserved: 2022-08-08T18:49:44.387Z

Link: CVE-2022-37934

Vulnrichment

Updated: 2024-08-03T10:37:42.572Z

NVD

Status : Modified

Published: 2023-01-05T07:15:10.257

Modified: 2025-04-10T16:15:20.107

Link: CVE-2022-37934

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object