CVE-2019-5323: Command Injection
First published: Thu Feb 27 2020(Updated: )
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Airwave | >=8.0.0<8.2.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-5323?
CVE-2019-5323 is a command injection vulnerability present in the AirWave application.
How does CVE-2019-5323 impact AirWave?
CVE-2019-5323 allows an attacker to execute arbitrary commands on the host if certain conditions are met.
What is the severity of CVE-2019-5323?
CVE-2019-5323 has a severity rating of 7.2 (high).
Which version of AirWave is affected by CVE-2019-5323?
AirWave versions 8.0.0 to 8.2.10.1 are affected by CVE-2019-5323.
How can I fix CVE-2019-5323?
To fix CVE-2019-5323, it is recommended to upgrade AirWave to a version that includes a fix for the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- vendor/arubanetworks
- canonical/arubanetworks airwave
- version/arubanetworks airwave/8.0.0