CVE-2021-41003

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Aruba CX 6200F Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 6300 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 6400 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 8320 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 8325 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba 8400 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba CX 8360 Switch Series versions AOS-CX 10.06.xxxx: 10.06.0170 and below Aruba CX 6200F Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 6300 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 6400 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8320 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8325 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba 8400 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba CX 8360 Switch Series versions AOS-CX 10.07.xxxx: 10.07.0050 and below Aruba CX 6200F Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 6300 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 6400 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8320 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8325 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba 8400 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba CX 8360 Switch Series versions AOS-CX 10.08.xxxx: 10.08.1030 and below Aruba CX 6200F Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 6300 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 6400 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8320 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8325 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba 8400 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below Aruba CX 8360 Switch Series versions AOS-CX 10.09.xxxx: 10.09.0002 and below

Description Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.

Recommendations For Aruba CX 6200F Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.06.xxxx: 10.06.0170 and below, upgrade to a newer version. For Aruba CX 6200F Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.07.xxxx: 10.07.0050 and below, upgrade to a newer version. For Aruba CX 6200F Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.08.xxxx: 10.08.1030 and below, upgrade to a newer version. For Aruba CX 6200F Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 6300 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 6400 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 8320 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 8325 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba 8400 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version. For Aruba CX 8360 Switch Series version AOS-CX 10.09.xxxx: 10.09.0002 and below, upgrade to a newer version.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-41003

Affected Products

Aos-Cx

Aruba 6300 Switch Series

Aruba 6400 Switch Series

Aruba 8320 Switch Series

Aruba 8325 Switch Series

Aruba 8400 Switch Series

Aruba Cx 6200F Switch Series

Aruba Cx 8360 Switch Series

CVE-2021-41003

Related Identifiers

Affected Products

References · 4