HPE ArubaOS
cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*
- <= 10.8.0.0
- <= 10.7.2.2
- <= 10.4.1.10
- <= 8.13.1.1
- <= 8.12.0.6
- <= 8.10.0.21
- ~10.6
- ~10.5
- ~10.3
- ~8.12
- ~8.11
- ~8.9
- ~8.8
- ~8.7
- ~8.6
- ~6.5.4
- ~8.7.0.0-2.3.0
- ~8.6.0.4-2.2
A command injection vulnerability has been identified in the web-based management interface of HPE Aruba Networking AOS-8 and AOS-10 Operating Systems. This vulnerability allows authenticated remote attackers to upload arbitrary files to the device's filesystem. Successful exploitation could lead to remote code execution as a privileged user.
Exploitation of this vulnerability could result in unauthorized file uploads, potentially allowing for remote code execution on the affected device with elevated privileges.
Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). For AOS-8.12.x.x, which is end-of-maintenance, a one-time exception patch has been released. Instructions for downloading the update are available on the HPE Networking Support Portal.
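One way to check a device inventory against the fixed releases listed above, as an added example that is not HPE's code. The hostnames and versions in the sample inventory are constructed, and a branch for which this page names no fixed release is reported as `no-fix-listed` rather than judged.

```python
import re

# Minimum fixed release per branch, from the remediation paragraph on this page.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),  # end-of-maintenance branch, one-time exception patch
    (8, 10): (8, 10, 0, 22),
}

def parse_version(text):
    """Parse '8.10.0.21' or '8.7.0.0-2.3.0' into a 4-part integer tuple.
    Anything after '-' or '_' is ignored."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})(?:[-_].*)?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return 'fixed', 'upgrade', or 'no-fix-listed' for one version string."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "no-fix-listed"  # this page names no fixed release for the branch
    # Tuple comparison is numeric, so 8.10.0.9 sorts below 8.10.0.22.
    return "fixed" if version >= fixed else "upgrade"

def audit(inventory):
    """Map hostname -> status; unparseable versions are flagged, not skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample = {"mc-01": "8.10.0.21", "mc-02": "8.12.0.7", "gw-01": "10.6.0.3",
              "gw-02": "10.4.1.9", "sdwan-01": "8.7.0.0-2.3.0", "lab": "unknown"}
    for host, status in audit(sample).items():
        print(f"{host:10} {sample[host]:16} {status}")
```

Devices reported as `no-fix-listed` need a move to one of the branches named in the remediation paragraph before the check can return `fixed`.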