Описание
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.
Уязвимые конфигурации
Конфигурация 1Версия от 6.5.4.0 (включая) до 8.10.0.21 (исключая)Версия от 8.11.0.0 (включая) до 8.13.1.1 (исключая)Версия от 10.3.0.0 (включая) до 10.4.1.10 (исключая)Версия от 10.5.0.0 (включая) до 10.7.2.2 (исключая)
Одно из
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00066
Низкий
7.2 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.2
github
25 дней назад
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.
EPSS
Процентиль: 21%
0.00066
Низкий
7.2 High
CVSS3
Дефекты
CWE-434