PT-2022-24127 · Aruba · Arubaos 10+1

Published: 2022-10-07 · Updated: 2023-08-08 · CVE-2022-37893

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS 10 versions 10.3.1.0 and below

Description

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

Recommendations

For Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below, upgrade to a version above 4.2.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, upgrade to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, upgrade to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, upgrade to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, upgrade to a version above 8.10.0.1.
For ArubaOS 10 versions 10.3.1.0 and below, upgrade to a version above 10.3.1.0.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-37893

Affected Products

Aruba Instant
Arubaos 10