Unrated severityNVD Advisory· Published May 10, 2019· Updated Aug 5, 2024

CVE-2018-7084

Description

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1

Affected products

Aruba/Aruba Instantdescription
Arubanetworks/Instant (IAP)llm-fuzzy
Range: before 4.2.4.12, 6.5.4.11, 8.3.0.6, 8.4.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/108374mitrevdb-entryx_refsource_BID
cert-portal.siemens.com/productcert/pdf/ssa-549547.pdfmitrex_refsource_CONFIRM
www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txtmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000