CVE-2022-37893: OS Command Injection in Arubaos

Severity: 7.8 HIGH (NVD)
EPSS: 0.8% (top 26.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 7; Latest update Oct 8

Description

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; A

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | arubanetworks/arubaos | 10.3.0.0 | 10.3.1.1
NVD | arubanetworks/instant | 6.4.0.0 | 6.4.4.8-4.2.4.21 | +4

Vulnerability Details (2)

GHSA: GHSA-2gc3-8h7p-8j99: An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface (2022-10-08)
CVEList: CVE-2022-37893: An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface (2022-10-07)