Main Vulnerability Database Vulnerabilities #VU68776

#VU68776 XML External Entity injection in ArubaOS (AOS) and SD-WAN - CVE-2022-37911

Published: October 26, 2022

Vulnerability identifier: #VU68776

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-37911

CWE-ID: CWE-611

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ArubaOS (AOS)
SD-WAN

Software vendor:
Aruba Networks

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input within the command line interface. A local user can pass a specially crafted XML code to the system and view contents of arbitrary files on the system or initiate requests to external systems.

Remediation

Install updates from vendor's website.

External links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

#VU68776 XML External Entity injection in ArubaOS (AOS) and SD-WAN - CVE-2022-37911

Description

Remediation

External links

Please verify you're human