Описание
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.0.0 (включая) до 8.2.10.1 (исключая)
cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01117
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
больше 3 лет назад
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
EPSS
Процентиль: 78%
0.01117
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-77