CVE-2019-5315 — OS Command Injection in Arubaos

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

1.5%

top 19.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Aruba Networks Aruba Mobility Controllers

Timeline

PublishedSep 13

Latest updateMay 24

Description

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDarubanetworks/arubaos8.0.0.0 — 8.3.0.0

▶CVEListV5aruba_networks/aruba_mobility_controllersAruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3

🔴Vulnerability Details

GHSA

GHSA-c2r4-22c8-xq69: A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary comman↗2022-05-24

▶

CVEList

CVE-2019-5315: A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary comman↗2019-09-13

▶