First published: Thu Feb 27 2020(Updated: )
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Airwave | >=8.0.0<8.2.10.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-5326.
The title of the vulnerability is 'An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform.'
The affected software is Arubanetworks Airwave version between 8.0.0 and 8.2.10.1.
The severity of the vulnerability is high with a severity value of 7.2.
The vulnerability can be exploited by an administrative application user or application user with write access to Aruba Airwave VisualRF, allowing them to obtain code execution on the AMP platform by overwriting a file on disk which is subsequently deserialized by the Java application component.