CVE-2021-26964 — Incorrect Authorization in Airwave
Severity
7.1HIGHNVD
EPSS
0.1%
top 68.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 5
Latest updateMay 24
Description
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-5wg2-j2cf-g3q5: A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8↗2022-05-24
CVEList▶
CVE-2021-26964: A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8↗2021-03-05