CVE-2021-26962

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.

CVSS v3 7.2 HIGH
CVSS v2.0 9.0 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt	Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:57

Type	Values Removed	Values Added
References	~~() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt - Vendor Advisory~~	() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt - Vendor Advisory

Information

Published : 2021-03-05 16:15

Updated : 2024-11-21 05:57

NVD link : CVE-2021-26962

Mitre link : CVE-2021-26962

CVE.ORG link : CVE-2021-26962

JSON object : View

Products Affected

arubanetworks

airwave

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2021-26962", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-03-05T16:15:13.070", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la CLI de AirWave podr\u00edan permitir a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso total del sistema"}], "lastModified": "2024-11-21T05:57:07.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D", "versionEndExcluding": "8.2.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}