CVE-2019-5323

EUVD-2019-14927
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
arubanetworksairwave
8.0.0 ≤
𝑥
< 8.2.10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt