CVE-2021-26963 : A remote authenticated arbitrary command execution vulnerability was discovered

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.

Published 2021-03-05 17:15:14

Updated 2021-03-11 14:29:51

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Products affected by CVE-2021-26963

Arubanetworks » Airwave
Versions before (<) 8.2.12.0
cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-26963

EPSS FAQ

3.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-26963

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-26963

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-26963

Products affected by CVE-2021-26963

Exploit prediction scoring system (EPSS) score for CVE-2021-26963

CVSS scores for CVE-2021-26963

References for CVE-2021-26963