Main Vulnerability Database Vulnerabilities #VU40865

#VU40865 OS Command Injection in ArubaOS (AOS) - CVE-2015-1388

Published: March 24, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40865

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-1388

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ArubaOS (AOS)

Software vendor:
Aruba Networks

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt

#VU40865 OS Command Injection in ArubaOS (AOS) - CVE-2015-1388

Description

Remediation

External links

Please verify you're human