Detections
Analytics

ArubaOS Remote Access Point Command Injection

high Nessus Plugin ID 82567

Language:

Synopsis

The version of ArubaOS has a command injection vulnerability.

Description

The version of ArubaOS on the remote device is affected by a unspecified command injection vulnerability in the Remote Access Point (RAP) console. A local attacker can access the RAP console and inject commands that will be run on ArubaOS with root privileges.

Solution

Upgrade to 6.3.1.15 / 6.4.2.4 or later.

See Also

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt

Plugin Details

Severity: High

ID: 82567

File Name: arubaos_CVE-2015-1388.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 4/3/2015

Updated: 5/12/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:arubanetworks:arubaos

Required KB Items: Host/ArubaNetworks/model, Host/ArubaNetworks/ArubaOS/version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/18/2015

Vulnerability Publication Date: 3/18/2015

Reference Information

CVE: CVE-2015-1388

BID: 73329

IAVA: 2015-A-0065-S