Assigner | hpe |
Reserved | 2024-04-03 |
Published | 2024-05-14 |
Updated | 2024-06-06 |
Description
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Product status
InstantOS or ArubaOS (access points) 10.5.x.x: 10.5.1.0 and below.
InstantOS or ArubaOS (access points) 10.4.x.x: 10.4.1.0 and below.
InstantOS or ArubaOS (access points) 8.11.x.x: 8.11.2.1 and below.
InstantOS or ArubaOS (access points) 8.10.x.x: 8.10.0.10 and below.
InstantOS or ArubaOS (access points) 8.6.x.x: 8.6.0.23 and below.
Credits
Erik De Jong (bugcrowd.com/erikdejong)
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt