CVE-2020-7119

Опубликовано: 04 сент. 2020

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt
Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arubanetworks:analytics_and_location_engine:*:*:*:*:*:*:*:*

Версия от 2.1.0.0 (включая) до 2.1.0.3 (исключая)

cpe:2.3:a:arubanetworks:analytics_and_location_engine:2.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00343

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2gvr-mfrj-8q6g

github

больше 3 лет назад

A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.