HPE ArubaOS
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*, +2 more
- <= 10.8.0.0
- <= 10.7.2.2
- <= 10.4.1.10
- <= 8.13.1.1
- <= 8.12.0.6
- <= 8.10.0.21
- ~10.6
- ~10.5
- ~10.3
- ~8.12
- ~8.11
- ~8.9
- ~8.8
- ~8.7
- ~8.6
- ~6.5.4
- ~8.7.0.0-2.3.0
- ~8.6.0.4-2.2.x
A SQL injection vulnerability has been identified in HPE Aruba Networking's AOS-8 and AOS-10 operating systems. This vulnerability exists in several service components accessible through the command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit this vulnerability by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary commands on the affected system's operating system, potentially compromising the entire system.
Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). These versions include patches for the vulnerabilities described. The update can be downloaded from the HPE Networking Support Portal.
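As an added example (not HPE's or this page's code), the following Python sketch checks an AOS version string against the fixed releases listed above. The function names, the status labels, and the reading of the `~` entries as "whole branch affected, no fixed release named on this page" are assumptions.

```python
import re

# Minimum fixed release per branch, from the upgrade guidance above.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}
# "~" entries from the affected list. Assumption: the whole branch is affected
# and the page names no fixed release inside it.
NO_FIX_PREFIXES = [(10, 6), (10, 5), (10, 3), (8, 11), (8, 9), (8, 8),
                   (8, 7), (8, 6), (6, 5, 4)]


def parse(version):
    """Return the four numeric components; a build suffix such as '-2.3.0' is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised AOS version: {version!r}")
    return tuple(int(part) for part in m.groups())


def assess(version):
    """Return (status, minimum_fixed_release_or_None) for one version string."""
    v = parse(version)
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        # Compare as integer tuples: as strings, "8.10.0.3" sorts after "8.10.0.22".
        if v >= fixed:
            return ("patched", None)
        return ("vulnerable", ".".join(map(str, fixed)))
    if any(v[:len(p)] == p for p in NO_FIX_PREFIXES):
        return ("vulnerable-no-fix-in-branch", None)
    return ("not-listed", None)


if __name__ == "__main__":
    # Constructed inventory, not taken from the page.
    for ver in ["8.10.0.3", "8.10.0.22", "10.4.1.10", "8.7.0.0-2.3.0", "10.6.0.2"]:
        print(ver, assess(ver))
```

A result of `vulnerable-no-fix-in-branch` means the device has to move to one of the branches that has a fixed release, not just to a later build of its current branch.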