CVE-2018-16417

Name of the Vulnerable Software and Affected Versions Aruba Instant versions 4.x through 6.4.4.7 Aruba Instant versions 6.5.x through 6.5.4.10 Aruba Instant versions 8.3.x through 8.3.0.5 Aruba Instant versions 8.4.x through 8.4.0.0

Description The issue is related to the disclosure of information. An unauthenticated attacker can obtain recently cached configuration commands by navigating to a specially crafted URL on the Aruba Instant web interface. This may allow for command injection.

Recommendations For Aruba Instant versions 4.x through 6.4.4.7, update to version 6.4.4.8-4.2.4.12 or later. For Aruba Instant versions 6.5.x through 6.5.4.10, update to version 6.5.4.11 or later. For Aruba Instant versions 8.3.x through 8.3.0.5, update to version 8.3.0.6 or later. For Aruba Instant versions 8.4.x through 8.4.0.0, update to version 8.4.0.1 or later.