Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-41003

Опубликовано: 02 мар. 2022
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Версия от 10.06.0001 (включая) до 10.06.0170 (включая)
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Версия от 10.07.0001 (включая) до 10.07.0050 (включая)
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Версия от 10.08.0001 (включая) до 10.08.1030 (включая)
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*
Версия от 10.09.0001 (включая) до 10.09.0002 (включая)

Одно из

cpe:2.3:h:hpe:aruba_8320:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8325-32-c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8325-48y8c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8360-12c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8360-16y2c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8360-24xf2c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8360-32y4c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8360-48xt4c:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_8400x:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00554
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-fgp8-23vc-w7xh

CVSS3: 6.1
github
почти 4 года назад

Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.

EPSS

Процентиль: 68%
0.00554
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo