CVE-2020-7119

EUVD-2020-28253
A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
arubanetworksanalytics_and_location_engine
2.1.0.0 ≤
𝑥
< 2.1.0.3
arubanetworksanalytics_and_location_engine
2.0.0.0
𝑥
= Vulnerable software versions
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt