PT-2022-11350 · Aruba · Aruba 8325 Switch Series+7

Published

2022-03-02

·

Updated

2022-09-27

·

CVE-2021-41001

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Aruba CX 6200F Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 6300 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 6400 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8320 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8325 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8400 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba CX 8360 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba CX 6200F Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 6300 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 6400 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8320 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8325 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8400 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba CX 8360 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba CX 6200F Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 6300 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 6400 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8320 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8325 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8400 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba CX 8360 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below
Description An authenticated remote code execution issue was discovered in the AOS-CX Network Analytics Engine (NAE) in various Aruba switch series. Aruba has released upgrades for Aruba AOS-CX devices that address this security issue.
Recommendations For AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a version above 10.07.0050. For AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a version above 10.08.1030. For AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a version above 10.09.0002.

Fix

Command Injection

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2021-41001

Affected Products

Aos-Cx
Aruba 6300 Switch Series
Aruba 6400 Switch Series
Aruba 8320 Switch Series
Aruba 8325 Switch Series
Aruba 8400 Switch Series
Aruba Cx 6200F Switch Series
Aruba Cx 8360 Switch Series