ArubaOS 8.x Web Management Interface Command Injection Vulnerability

ArubaOS 8.x Web Management Interface Command Injection Vulnerability

CVE-2019-5315 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.

Learn more about our Web App Pen Testing.