cbcvebase.
CVE-2019-5326
published 2020-02-27

CVE-2019-5326: An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform…

PriorityP340high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.94%
77.5th percentile
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

Affected

1 ranges
VendorProductVersion rangeFixed in
arubanetworksairwave>= 8.0.0 < 8.2.10.18.2.10.1

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.