CVE-2018-7084


A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device.

Workaround: Block access to the Aruba Instant web interface from all untrusted users.

Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1.


Published

2019-05-10T18:29:03.133

Last Modified

2024-11-21T04:11:37.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | arubanetworks | aruba_instant | < 4.2.4.12 | Yes |
| Application | arubanetworks | aruba_instant | < 6.5.4.11 | Yes |
| Application | arubanetworks | aruba_instant | < 8.3.0.6 | Yes |
| Application | arubanetworks | aruba_instant | < 8.4.0.1 | Yes |
| Operating System | siemens | scalance_w1750d_firmware | < 8.4.0.1 | Yes |
| Hardware | siemens | scalance_w1750d | - | No |
