Improper Authentication in Aruba Instant - CVE-2019-5317

 

Improper Authentication in Aruba Instant - CVE-2019-5317

Published: May 14, 2021


Vulnerability identifier: #VU53246
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5317
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Aruba Networks
Affected software:
Aruba Instant

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication mechanisms and gain access to the Aruba Instant command line interface.


How to mitigate CVE-2019-5317

Install updates from vendor's website.

Sources