A command injection vulnerability has been identified in the web-based management interface of HPE Aruba Networking AOS-8. This vulnerability allows an authenticated privileged user to modify a package header to inject shell commands, potentially disrupting internal operations. Exploitation of this vulnerability could enable an authenticated malicious actor to execute commands with the privileges of the affected mechanism.
Successful exploitation allows for arbitrary command execution as a privileged user on the underlying operating system.
Users can upgrade to AOS-8.13.1.1 or AOS-8.10.0.21 to address this vulnerability. For more information, visit the HPE Aruba Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
