A vulnerability allowing arbitrary file downloads exists in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. This vulnerability can be exploited by an authenticated malicious actor to download arbitrary files through carefully crafted exploits.
Successful exploitation allows for arbitrary file downloads, potentially leading to unauthorized access to sensitive information or files on the system.
To address this vulnerability, users should upgrade to AOS-10.7.2.1 and above, AOS-10.4.1.9 and above, AOS-8.13.1.0 and above, AOS-8.12.0.6 and above, or AOS-8.10.0.19 and above. These versions include the necessary patches to resolve the vulnerability. For more information, visit the HPE Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
