HPE Aruba Networking AOS-8 and AOS-10 SQL Injection Vulnerability Allowing Remote Code Execution

Vulnerability

SQL injection vulnerabilities have been identified in HPE Aruba Networking AOS-8 and AOS-10 operating systems. These vulnerabilities are present in several service components accessible through the command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary commands on the affected system's operating system with elevated privileges.

Remediation

Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). HPE Aruba Networking does not evaluate or patch AOS-10 Gateway and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone.
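The fixed-release list above, applied as a fleet triage check. This is an added example, not HPE Aruba Networking code; the hostnames and versions in the sample inventory are constructed, and the four-field dotted version format (optionally prefixed `AOS-`) is an assumption.

```python
import re

# Minimum fixed release per branch, copied from the Remediation paragraph.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}

# Assumption: versions are four dotted integers, optionally prefixed "AOS-".
_VERSION = re.compile(r"^(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Parse 'A.B.C.D' into a tuple of four ints; reject anything else."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text):
    """Return 'fixed', 'upgrade' or 'unlisted-branch' for one version."""
    v = parse_version(version_text)
    minimum = FIXED.get(v[:2])
    if minimum is None:
        # The advisory names no fixed release for this branch (it may be
        # past End of Maintenance), so no verdict is inferred.
        return "unlisted-branch"
    # Tuple comparison is numeric per field, so 8.10.0.9 < 8.10.0.22.
    return "fixed" if v >= minimum else "upgrade"

def triage_inventory(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {
    "gw-branch-01": "10.7.2.3",
    "gw-branch-02": "10.4.1.10",
    "ctrl-hq-01": "AOS-8.10.0.9",
    "ctrl-lab-01": "10.6.0.3",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Devices reported as `unlisted-branch` need manual review against the vendor's End of Maintenance status rather than being treated as safe.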

Added: May 12, 2026, 8:36 PM
Updated: May 12, 2026, 8:36 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 7.5
exploitability: 4.4
remediation: 7.9
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.