vendor: Aruba 501
by: Hosein Vita
CVSS: 6.1 HIGH
Remote Command Execution
CWE: 78
Product Name: Aruba 501
Affected Version From: Aruba 501 CN12G5W0XX
Affected Version To: Aruba 501 CN12G5W0XX
Patch Exists: NO
Related CWE:
CPE: a:aruba:aruba_os:501
Platforms Tested: Linux
2024
Remote Command Execution in Aruba 501
This exploit allows an attacker to remotely execute commands on an Aruba 501 device. By manipulating the 'ping_ip' parameter in a POST request, an attacker can inject arbitrary commands, leading to unauthorized access.
Mitigation:
To mitigate this vulnerability, ensure that input validation is implemented on the server-side to sanitize user inputs and prevent command injection attacks.
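One way to apply the server-side validation described above, as an added example (not the vendor's code and not part of the original advisory). The handler name, the form dictionary and the ping options are assumptions; only the 'ping_ip' parameter name comes from the advisory. The value is parsed as a literal IP address, re-serialised, and passed to ping as a separate argument with no shell involved.

```python
import ipaddress
import subprocess

# Constructed sample inputs that the validator must refuse.
CONSTRUCTED_REJECTS = ["192.0.2.10; id", "$(id)", "192.0.2.10 -c 1000",
                       "-f", "fe80::1%;id", "example.com", ""]

def parse_ping_target(raw):
    """Return the canonical form of a literal IP address or raise ValueError."""
    if not isinstance(raw, str) or len(raw) > 45:
        raise ValueError("ping_ip: bad type or length")
    # ipaddress accepts an IPv6 zone suffix ("%...") whose content it does
    # not restrict, so zoned addresses are refused before parsing.
    if "%" in raw:
        raise ValueError("ping_ip: zone identifiers are not accepted")
    try:
        addr = ipaddress.ip_address(raw)  # rejects spaces, ';', '$', '-', names
    except ValueError:
        raise ValueError("ping_ip: not a literal IP address") from None
    return addr.compressed  # use the parsed value, never the raw string

def build_ping_argv(raw, count=3):
    """Build an argument vector; the target is one argv element after '--'."""
    target = parse_ping_target(raw)
    return ["ping", "-c", str(int(count)), "--", target]

def handle_ping_request(form):
    """Hypothetical diagnostics handler: returns (status, body)."""
    try:
        argv = build_ping_argv(form.get("ping_ip", ""))
    except ValueError as exc:
        return 400, str(exc)
    # shell=False: the value is never interpreted by a command interpreter.
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=15)
    return 200, done.stdout

if __name__ == "__main__":
    for sample in CONSTRUCTED_REJECTS:
        print(repr(sample), "->", handle_ping_request({"ping_ip": sample}))
    print(build_ping_argv("192.0.2.10"))
```

Validation and the shell-free call are independent layers: either one alone blocks the injection described here, and keeping both means a later change to one does not reopen it.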