Remote Code Execution Vulnerability in Aruba Networks Switch Series
CVE-2021-41001

8.8HIGH

Key Information:

Vendor: HP
Status: Aruba Cx 6200f Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba Cx 8360 Switch Series
Vendor: CVE Published:; 2 March 2022

Summary

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine affecting several Aruba Switch Series, including the CX 6200F, 6300, and 6400 models. This vulnerability allows an attacker with network access and valid credentials to execute arbitrary code on the affected devices. Aruba Networks has released security updates to mitigate this issue. It is essential for users of affected AOS-CX versions to upgrade to the latest versions to prevent potential exploitation.

Affected Version(s)

Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Sep 13, 2021