First published: Fri Mar 05 2021(Updated: )
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Airwave | <8.2.12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-26970.
The title of this vulnerability is 'A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform'.
The severity of CVE-2021-26970 is medium with a CVSS score of 6.3.
Aruba AirWave Management Platform versions prior to 8.2.12.0 are affected by CVE-2021-26970.
Remote authenticated users can exploit this vulnerability by running arbitrary commands on the underlying host through the AirWave web-based management interface.