Command injection

2022-09-0618:15:00

PRIOn knowledge base

www.prio-n.com

aos-cx

nae scripts

command injection

arubaos-cx

switch

security vulnerability

upgrade

nvd

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities.

CPENameOperatorVersion
aos-cxge10.06.0000
aos-cxlt10.06.0220
aos-cxge10.08.0000
aos-cxlt10.08.1080
aos-cxge10.09.0000
aos-cxlt10.09.1040
aos-cxge10.10.0000
aos-cxlt10.10.1000
aos-cxge10.06.0000
aos-cxlt10.06.0220

Name	Operator	Version
aos-cx	ge	10.06.0000
aos-cx	lt	10.06.0220
aos-cx	ge	10.08.0000
aos-cx	lt	10.08.1080
aos-cx	ge	10.09.0000
aos-cx	lt	10.09.1040
aos-cx	ge	10.10.0000
aos-cx	lt	10.10.1000
aos-cx	ge	10.06.0000
aos-cx	lt	10.06.0220