Lucene search
HpeCVELIST:CVE-2018-7084HistoryMay 10, 2019 - 5:14 p.m.
CVE-2018-7084
2019-05-1017:14:37
hpe
www.cve.org
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1
CNA Affected
[
{
"product": "Aruba Instant (IAP)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
]Related
cve
cve
CVE-2018-7084
2019-05-10 18:29:03
prion
prion
Command injection
2019-05-10 18:29:00
nvd
nvd
CVE-2018-7084
2019-05-10 18:29:03
nessus
nessus
Siemens SCALANCE W1750D Command Injection (CVE-2018-7084)
2023-03-20 00:00:00
ics
ics
Siemens SCALANCE W1750D
2019-05-14 12:00:00