An arbitrary file download vulnerability has been identified in the command-line interface (CLI) binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. This vulnerability allows authenticated malicious actors to download arbitrary files by exploiting the issue through carefully crafted exploits.
Successful exploitation of this vulnerability could lead to unauthorized access to files on the affected system.
To address this vulnerability, users should upgrade to AOS-10.7.2.1 and above, AOS-10.4.1.9 and above, AOS-8.13.1.0 and above, AOS-8.12.0.6 and above, or AOS-8.10.0.19 and above. These versions can be downloaded from the HPE Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
