CVE-2019-5318 — Cross-Site Request Forgery in Arubaos

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 74.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos

Timeline

PublishedSep 7

Latest updateMay 24

Description

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDarubanetworks/arubaos8.0.0.0 — 8.8.0.0+1

🔴Vulnerability Details

GHSA

GHSA-mwwv-4h92-28r2: A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6↗2022-05-24

▶

CVEList

CVE-2019-5318: A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6↗2021-09-07

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE (Update A)↗2021-10-14

▶