CVE-2019-5315

Summary

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.

Affected Software

VendorProductVersion RangeStatus
n/aAruba Mobility ControllersAruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3affected

Weaknesses

  • Authenticated command injection

ADP Enrichment

CVE Program Container

Additional References

References