Command Injection Vulnerabilities in AirWave Application

Command Injection Vulnerabilities in AirWave Application

CVE-2019-5323 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

Learn more about our User Device Pen Test.