Skip to main content

Instant CVE-2021-25146

HIGH
OS Command Injection (CWE-78)
2021-03-30 security-alert@hpe.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 30, 2021 - 01:15 nvd
HIGH 7.2

DescriptionNVD

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

AnalysisAI

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x:. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Affected products include: Arubanetworks Instant, Siemens Scalance W1750D Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2017-13099 HIGH POC
7.5 Dec 13

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange i

CVE-2021-25162 HIGH POC
8.1 Mar 30

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products

CVE-2021-25159 MEDIUM POC
6.5 Mar 30

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v

CVE-2021-25155 MEDIUM POC
6.5 Mar 30

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in v

CVE-2021-25161 MEDIUM POC
6.1 Mar 30

A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in ve

CVE-2021-25158 MEDIUM POC
5.9 Mar 30

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s

CVE-2022-37891 CRITICAL
9.8 Oct 07

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface

CVE-2022-37890 CRITICAL
9.8 Oct 07

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface

CVE-2022-37889 CRITICAL
9.8 Oct 07

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code

CVE-2022-37887 CRITICAL
9.8 Oct 07

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code

CVE-2022-37886 CRITICAL
9.8 Oct 07

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code

CVE-2022-37885 CRITICAL
9.8 Oct 07

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code

Share

CVE-2021-25146 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy