HPE Aruba Networking AOS-8 Command Injection Vulnerability in CLI Binary of Mobility Conductor and Controllers

Vulnerability

A command injection vulnerability has been identified in the command-line interface (CLI) binary of HPE Aruba Networking AOS-8 Controllers and Mobility Conductor. This vulnerability allows authenticated malicious actors to execute arbitrary commands as a privileged user on the underlying operating system. The issue arises within the CLI component of the AOS-8 Controller/Mobility Conductor operating system.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands with elevated privileges on the affected system's operating system.

Remediation

To address this vulnerability, users should upgrade to AOS-8.13.1.0 or above, AOS-8.12.0.6 or above, or AOS-8.10.0.19 or above, depending on their current version. Instructions for downloading the updated software are available on the HPE Networking Support Portal.
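The version check implied by the remediation text, as an added example that is not part of the original advisory or HPE's tooling: it triages an inventory of controller versions against the three fixed releases named above. The inventory hostnames and versions are constructed, and matching a device to a fixed release by its major.minor train (with trains the advisory does not name reported for manual review) is an assumption.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release train.
FIXED = {(8, 10): (8, 10, 0, 19), (8, 12): (8, 12, 0, 6), (8, 13): (8, 13, 1, 0)}

# Four-part dotted version, optionally written with the advisory's "AOS-" prefix.
VERSION_RE = re.compile(r"^(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised AOS version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(text):
    """Return 'fixed', 'upgrade' or 'check-advisory' for one version string."""
    v = parse_version(text)
    if v[0] != 8:
        return "check-advisory"      # the advisory covers AOS-8 only
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return "fixed" if v >= fixed else "upgrade"
    if v > max(FIXED.values()):
        return "fixed"               # "AOS-8.13.1.0 or above"
    return "check-advisory"          # train not named in the advisory (assumption)

def triage(inventory):
    """Map each host to a status; unparseable versions are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "mc-core-01": "8.10.0.18",
    "mc-core-02": "AOS-8.12.0.6",
    "ctrl-branch-07": "8.13.0.1",
    "ctrl-lab-03": "8.11.2.1",
    "ctrl-old-09": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:16} {SAMPLE_INVENTORY[host]:14} {status}")
```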

Added: Oct 14, 2025, 5:45 PM
Updated: Oct 15, 2025, 12:46 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.