Описание
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.
Уязвимые конфигурации
Конфигурация 1Версия от 8.6.0.0 (включая) до 8.10.0.21 (исключая)Версия от 8.11.0.0 (включая) до 8.13.1.1 (исключая)
Одно из
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00078
Низкий
6.5 Medium
CVSS3
7.2 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 6.5
github
25 дней назад
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.
EPSS
Процентиль: 23%
0.00078
Низкий
6.5 Medium
CVSS3
7.2 High
CVSS3
Дефекты
CWE-77