Lucene search

K
cve[email protected]CVE-2018-7082
HistoryMay 10, 2019 - 5:29 p.m.

CVE-2018-7082

2019-05-1017:29:01
CWE-78
web.nvd.nist.gov
30
cve-2018-7082
aruba instant
command injection
vulnerability
authenticated user
arbitrary commands
operating system
backdoors
system configuration
security fix
nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

66.2%

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

Affected configurations

NVD
Node
arubanetworksaruba_instantRange4.04.2.4.12
OR
arubanetworksaruba_instantRange6.5.06.5.4.11
OR
arubanetworksaruba_instantRange8.3.0.08.3.0.6
OR
arubanetworksaruba_instantRange8.4.08.4.0.1
Node
siemensscalance_w1750dMatch-
AND
siemensscalance_w1750d_firmwareRange<8.4.0.1

CNA Affected

[
  {
    "product": "Aruba Instant (IAP)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
      }
    ]
  }
]

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

66.2%

Related for CVE-2018-7082