CVE-2018-7081Improper Input Validation in Arubaos

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.9%
top 16.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosAruba Networks Aruba Mobility Controllers
Timeline
PublishedSep 13
Latest updateMay 24

Description

A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is r

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5aruba_networks/aruba_mobility_controllersAruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3
NVDarubanetworks/arubaos6.5.0.06.5.4.13+5

🔴Vulnerability Details

2
GHSA
GHSA-v23q-qg5x-p624: A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS2022-05-24
CVEList
CVE-2018-7081: A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS2019-09-13
CVE-2018-7081 — Improper Input Validation in Arubaos | cvebase