CVE-2021-25167 — OS Command Injection in Airwave

CWE-78 — OS Command Injection CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.0%

top 23.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Airwave

Timeline

PublishedApr 29

Latest updateMay 24

Description

A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDarubanetworks/airwave< 8.2.12.1

🔴Vulnerability Details

GHSA

GHSA-fvg2-cppr-v38p: A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8↗2022-05-24

▶

CVEList

CVE-2021-25167: A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8↗2021-04-29

▶