Command Injection Vulnerabilities in Aruba Networks Switch Products
CVE-2021-41003

6.1MEDIUM

Key Information:

Vendor: HP
Status: Aruba Cx 6200f Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba Cx 8360 Switch Series
Vendor: CVE Published:; 2 March 2022

Summary

Multiple unauthenticated command injection vulnerabilities were identified in the AOS-CX API interface for various Aruba CX switch series. These vulnerabilities allow an attacker to execute arbitrary commands, which may lead to unauthorized access and manipulation of the affected switch systems. Aruba Networks has provided upgrades to resolve these vulnerabilities, urging users to update their devices to the latest versions to safeguard their network infrastructure.

Affected Version(s)

Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Sep 13, 2021