CVE-2022-37901: OS Command Injection
First published: Thu Nov 03 2022(Updated: )
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Sd-wan | >=8.7.0.0-2.3.0.0<8.7.0.0-2.3.0.7 | |
| Arubanetworks Arubaos | >=6.5.4.0<6.5.4.23 | |
| Arubanetworks Arubaos | >=8.4.0.0<8.6.0.18 | |
| Arubanetworks Arubaos | >=8.7.0.0<8.7.1.10 | |
| Arubanetworks Arubaos | >=8.8.0.0<=8.9.0.3 | |
| Arubanetworks Arubaos | =10.3.0.0 | |
| Arubanetworks 7005 | ||
| Arubanetworks 7008 | ||
| Arubanetworks 7010 | ||
| Arubanetworks 7024 | ||
| Arubanetworks 7030 | ||
| Arubanetworks 7205 | ||
| Arubanetworks 7210 | ||
| Arubanetworks 7220 | ||
| Arubanetworks 7240xm | ||
| Arubanetworks 7280 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this ArubaOS command injection vulnerability?
The vulnerability ID for this ArubaOS command injection vulnerability is CVE-2022-37901.
What is the severity of CVE-2022-37901?
The severity of CVE-2022-37901 is high, with a severity value of 7.2.
Which software is affected by CVE-2022-37901?
The ArubaOS software versions 6.5.4.0 to 6.5.4.23, 8.4.0.0 to 8.6.0.18, 8.7.0.0 to 8.7.1.10, 8.8.0.0 to 8.9.0.3, and 10.3.0.0 are affected by CVE-2022-37901.
How can an attacker exploit CVE-2022-37901?
An attacker can exploit CVE-2022-37901 by authenticating to the ArubaOS command line interface and executing arbitrary commands as a privileged user.
Is CVE-2022-37901 related to Aruba Networks SD-WAN?
No, CVE-2022-37901 is not related to Aruba Networks SD-WAN.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/arubanetworks
- canonical/arubanetworks sd-wan
- version/arubanetworks sd-wan/8.7.0.0-2.3.0.0
- canonical/arubanetworks arubaos
- version/arubanetworks arubaos/6.5.4.0
- version/arubanetworks arubaos/8.4.0.0
- version/arubanetworks arubaos/8.7.0.0
- version/arubanetworks arubaos/8.8.0.0
- version/arubanetworks arubaos/8.9.0.3
- version/arubanetworks arubaos/10.3.0.0
- canonical/arubanetworks 7005
- canonical/arubanetworks 7008
- canonical/arubanetworks 7010
- canonical/arubanetworks 7024
- canonical/arubanetworks 7030
- canonical/arubanetworks 7205
- canonical/arubanetworks 7210
- canonical/arubanetworks 7220
- canonical/arubanetworks 7240xm
- canonical/arubanetworks 7280