Command injection

2022-12-1213:15:00

PRIOn knowledge base

www.prio-n.com

command injection

aruba networks

papi

udp port

remote code execution

0.003 Low

EPSS

Percentile

71.6%

JSON

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CPENameOperatorVersion
arubaosge8.7.0.0
arubaoslt8.7.1.9
arubaosge6.5.4.0
arubaoslt6.5.4.22
arubaosge8.4.0.0
arubaoslt8.6.0.17
arubaosge8.8.0.0
arubaoslt10.3.0.1
sd-waneq>= 8.7.0.02.3.0.0 AND < 8.7.0.02.3.0.6

Name	Operator	Version
arubaos	ge	8.7.0.0
arubaos	lt	8.7.1.9
arubaos	ge	6.5.4.0
arubaos	lt	6.5.4.22
arubaos	ge	8.4.0.0
arubaos	lt	8.6.0.17
arubaos	ge	8.8.0.0
arubaos	lt	10.3.0.1
sd-wan	eq	>= 8.7.0.02.3.0.0 AND < 8.7.0.02.3.0.6

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for PRION:CVE-2022-37897