CVE-2019-5315

2019-09-1316:53:42

hpe

www.cve.org

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.

CNA Affected

[
  {
    "product": "Aruba Mobility Controllers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt