First published: Thu Feb 27 2020(Updated: )
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Airwave | >=8.0.0<8.2.10.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-5323 is a command injection vulnerability present in the AirWave application.
CVE-2019-5323 allows an attacker to execute arbitrary commands on the host if certain conditions are met.
CVE-2019-5323 has a severity rating of 7.2 (high).
AirWave versions 8.0.0 to 8.2.10.1 are affected by CVE-2019-5323.
To fix CVE-2019-5323, it is recommended to upgrade AirWave to a version that includes a fix for the vulnerability.