CVE-2018-7082
Severity
7.2HIGH
EPSS
2.4%
top 14.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 10
Latest updateMay 24
Description
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5aruba_instant_(iap)Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1
🔴Vulnerability Details
2GHSA▶
GHSA-2hpf-q76v-4m2j: A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the u↗2022-05-24
CVEList▶
CVE-2018-7082: A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the u↗2019-05-10