CVE-2023-35974Command Injection in Arubaos

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 33.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Arubaos
Timeline
PublishedJul 5

Description

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDarubanetworks/arubaos6.5.4.08.6.0.21+3

🔴Vulnerability Details

2
CVEList
Authenticated Remote Command Execution in the ArubaOS Command Line Interface2023-07-05
GHSA
GHSA-27fj-7xp4-5c3r: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface2023-07-05
CVE-2023-35974 — Command Injection in Arubaos | cvebase