First published: Fri May 10 2019
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged.
Workaround: None.
Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Aruba Instant | >=4.0, <4.2.4.12 | |
Arubanetworks Aruba Instant | >=6.5.0, <6.5.4.11 | |
Arubanetworks Aruba Instant | >=8.3.0.0, <8.3.0.6 | |
Arubanetworks Aruba Instant | >=8.4.0, <8.4.0.1 | |
Siemens Scalance W1750d Firmware | <8.4.0.1 | |
Siemens SCALANCE W1750D | | |
CVE-2018-7082 is a command injection vulnerability present in Aruba Instant that allows an authenticated admin to execute arbitrary commands on the underlying operating system.
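CVE-2018-7082 affects Aruba Instant versions from 4.0 up to (but not including) 4.2.4.12, from 6.5.0 up to (but not including) 6.5.4.11, from 8.3.0.0 up to (but not including) 8.3.0.6, and from 8.4.0 up to (but not including) 8.4.0.1.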
CVE-2018-7082 has a severity rating of 7.2 (Critical).
A malicious administrator can exploit CVE-2018-7082 by using the command injection vulnerability to install backdoors or change system configurations.
More information about CVE-2018-7082 can be found at the following references: [SecurityFocus](http://www.securityfocus.com/bid/108374), [Siemens Security Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf), and [Aruba Networks PSA](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt).