An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
2020-12-11T02:15:11.057
2024-11-21T05:15:17.977
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | arubanetworks | arubaos | < 8.2.2.10 | Yes |
| Operating System | arubanetworks | arubaos | < 8.3.0.14 | Yes |
| Operating System | arubanetworks | arubaos | < 8.5.0.11 | Yes |
| Operating System | arubanetworks | arubaos | < 8.6.0.6 | Yes |
| Operating System | arubanetworks | arubaos | < 8.7.1.0 | Yes |
| Hardware | arubanetworks | 7005 | - | No |
| Hardware | arubanetworks | 7008 | - | No |
| Hardware | arubanetworks | 7010 | - | No |
| Hardware | arubanetworks | 7024 | - | No |
| Hardware | arubanetworks | 7030 | - | No |
| Hardware | arubanetworks | 7205 | - | No |
| Hardware | arubanetworks | 7210 | - | No |
| Hardware | arubanetworks | 7220 | - | No |
| Hardware | arubanetworks | 7240xm | - | No |
| Hardware | arubanetworks | 7280 | - | No |
| Application | arubanetworks | sd-wan | < 2.1.0.2 | Yes |
| Application | arubanetworks | sd-wan | < 2.2.0.1 | Yes |
| Hardware | arubanetworks | 9004 | - | No |
| Hardware | arubanetworks | 9004-lte | - | No |
| Hardware | arubanetworks | 9012 | - | No |