HPE Aruba Networking AOS-8 and AOS-10 Command Injection Vulnerability in CLI Service via PAPI Protocol

Vulnerability

A command injection vulnerability has been identified in the command line interface (CLI) service accessed via the PAPI protocol in the HPE Aruba Networking AOS-8 and AOS-10 operating systems. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the underlying operating system. The issue arises from improper input validation, which could be exploited to inject malicious commands that are executed with elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system, potentially allowing for a full system compromise.

Remediation

Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). Instructions for downloading the updated software are available on the HPE Networking Support Portal.
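
The fixed-release thresholds above, turned into an inventory check (an added example, not HPE's code; the build-suffix handling, status labels and sample hostnames are assumptions). Versions are compared numerically per branch, and branches this advisory does not list are reported as unlisted rather than guessed.

```python
import re

# Minimum fixed release per branch, copied from the Remediation text above.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}

# Four dotted integers; an optional "_build"/"-build" suffix is an assumption.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[-_]\S+)?$")

def parse_version(text):
    """Return the version as a tuple of ints so 10.4.1.9 sorts below 10.4.1.11."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version_text):
    """Return 'fixed', 'upgrade', or 'unlisted' (branch not named on this page)."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"
    return "fixed" if version >= fixed else "upgrade"

def triage_inventory(inventory):
    """Map each host to a status; unparsable versions become 'invalid'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = triage(version_text)
        except ValueError:
            report[host] = "invalid"
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"mc-01": "8.10.0.9", "mc-02": "8.12.0.7_90000",
              "gw-01": "10.4.1.11", "gw-02": "10.5.0.0", "ap-lab": "unknown"}
    for host, status in sorted(triage_inventory(sample).items()):
        print(f"{host}: {sample[host]} -> {status}")
```

Hosts reported as unlisted or invalid need a manual check against the vendor's advisory, since this page gives no fixed release for them.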

Added: May 12, 2026, 10:21 PM
Updated: May 12, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.