ArubaOS Authenticated Remote Command Injection Vulnerability

ArubaOS Authenticated Remote Command Injection Vulnerability

CVE-2023-35972 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Learn more about our Web App Pen Testing.