Airwave
CVE-2021-26964
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.
AnalysisAI
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. Affected products include: Arubanetworks Airwave. Version information: Prior to 8.2.12.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Plat
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Plat
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. R
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today