Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion
CVE-2023-35975

6.5MEDIUM

Summary

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

Affected Version(s)

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central - ArubaOS 10.4.x.x: 10.4.0.1 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central - ArubaOS 10.4.x.x: 10.4.0.1 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central - ArubaOS 8.11.x.x: 8.11.1.0 and below

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Erik de Jong (bugcrowd.com/erikdejong)
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.