Design/Logic Flaw

2022-12-1213:15:00

PRIOn knowledge base

www.prio-n.com

arubaos

command line interface

xml entities

file retrieval

denial of service

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.

CPENameOperatorVersion
arubaosge8.7.0.0
arubaoslt8.7.1.9
arubaosge6.5.4.0
arubaoslt6.5.4.22
arubaosge8.4.0.0
arubaoslt8.6.0.17
arubaosge8.8.0.0
arubaoslt10.3.0.1
sd-waneq>= 8.7.0.02.3.0.0 AND < 8.7.0.02.3.0.6

Name	Operator	Version
arubaos	ge	8.7.0.0
arubaos	lt	8.7.1.9
arubaos	ge	6.5.4.0
arubaos	lt	6.5.4.22
arubaos	ge	8.4.0.0
arubaos	lt	8.6.0.17
arubaos	ge	8.8.0.0
arubaos	lt	10.3.0.1
sd-wan	eq	>= 8.7.0.02.3.0.0 AND < 8.7.0.02.3.0.6

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt