CVE-2019-5323Command Injection in Airwave

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
1.1%
top 21.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Airwave
Timeline
PublishedFeb 27
Latest updateMay 24

Description

There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDarubanetworks/airwave8.0.08.2.10.1

🔴Vulnerability Details

2
GHSA
GHSA-vv7f-8rp8-rq42: There are command injection vulnerabilities present in the AirWave application2022-05-24
CVEList
CVE-2019-5323: There are command injection vulnerabilities present in the AirWave application2020-02-27
CVE-2019-5323 — Command Injection in Airwave | cvebase