| |
Vulnerability CVE-2019-5323
Published: 2020-02-27
| Description: |
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. |
Type:
CWE-74
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
