Improper Authentication in Aruba Instant - CVE-2019-5317
Published: May 14, 2021
Vulnerability identifier: #VU53246
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5317
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Aruba Networks
Affected software:
Aruba Instant
Aruba Instant
Detailed vulnerability description
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication mechanisms and gain access to the Aruba Instant command line interface.
How to mitigate CVE-2019-5317
Install updates from vendor's website.