CVE-2021-41000

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

5.6%

top 9.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Arubaos-cx

Timeline

PublishedMar 2

Latest updateMar 3

Description

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that ad…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDhpe/arubaos-cx10.06.0001 — 10.06.0170+2

🔴Vulnerability Details

GHSA

GHSA-gw22-w47p-686w: Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aru↗2022-03-03

▶

CVEList

CVE-2021-41000: Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aru↗2022-03-02

▶