PT-2019-2100 · Aruba · Aruba Instant
Published: 2019-05-10 · Updated: 2023-03-20 · CVE-2018-7084
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Aruba Instant versions prior to 4.2.4.12
Aruba Instant versions prior to 6.5.4.11
Aruba Instant versions prior to 8.3.0.6
Aruba Instant versions prior to 8.4.0.1
Description
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device.
Recommendations
For versions prior to 4.2.4.12, update to version 4.2.4.12 or later.
For versions prior to 6.5.4.11, update to version 6.5.4.11 or later.
For versions prior to 8.3.0.6, update to version 8.3.0.6 or later.
For versions prior to 8.4.0.1, update to version 8.4.0.1 or later.
As a temporary workaround, consider blocking access to the Aruba Instant web interface from all untrusted users.
Fix
OS Command Injection
Command Injection
Affected Products
Aruba Instant