RSS   Vulnerabilities for 'Airwave'   RSS

2020-02-27
 
CVE-2019-5326

CWE-502
 

 
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

 
 
CVE-2019-5323

CWE-74
 

 
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

 
2014-11-25
 
CVE-2014-8368

CWE-264
 

 
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.

 

 >>> Vendor: Arubanetworks 14 Products
Arubaos
Aruba mobility controller
Clearpass
Clearpass guest
Clearpass policy manager
Airwave
Instant access point firmware
Web management portal
203r firmware
203rp firmware
Ap-300 series access points firmware
Ap-300 series instant access points firmware
Aruba instant
Airwave network management


Copyright 2020, cxsecurity.com

 

Back to Top