PT-2021-16421 · Aruba · Aruba Instant

Published

2021-03-30

Updated

2022-06-04

CVE-2021-25146

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Aruba Instant versions 6.5.4.17 and below Aruba Instant versions 8.3.0.13 and below Aruba Instant versions 8.5.0.10 and below Aruba Instant versions 8.6.0.5 and below Aruba Instant versions 8.7.0.0 and below

Description: A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products. Aruba has released patches that address this security issue.

Recommendations: For Aruba Instant versions 6.5.4.17 and below, update to a version above 6.5.4.17. For Aruba Instant versions 8.3.0.13 and below, update to a version above 8.3.0.13. For Aruba Instant versions 8.5.0.10 and below, update to a version above 8.5.0.10. For Aruba Instant versions 8.6.0.5 and below, update to a version above 8.6.0.5. For Aruba Instant versions 8.7.0.0 and below, update to a version above 8.7.0.0.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-25146

Affected Products

Aruba Instant

PT-2021-16421 · Aruba · Aruba Instant

CVE-2021-25146

Weakness Enumeration

Related Identifiers

Affected Products

References · 6