Description
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Hewlett Packard Enterprise (HPE) / Aruba CX Switches – AOS-CX 10.11.xxxx: 10.11.1010 and below
- Hewlett Packard Enterprise (HPE) / Aruba CX Switches – AOS-CX 10.10.xxxx: 10.10.1050 and below
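
To triage a switch inventory against the two affected ranges listed above, the following added example (not part of the advisory or any vendor tooling) classifies AOS-CX version strings. The version string format, including the optional two-letter platform prefix, and the sample hostnames are assumptions; branches the page does not list are reported separately rather than treated as safe.

```python
import re

# Affected ranges exactly as listed on this page: branch -> highest affected build.
AFFECTED_MAX = {(10, 11): 1010, (10, 10): 1050}

# Assumption: versions look like "10.11.1010", optionally with a two-letter
# platform prefix such as "FL."; adjust the pattern to your inventory format.
_VERSION_RE = re.compile(r"^(?:[A-Za-z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Return 'affected', 'above_listed_range', 'branch_not_listed' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    ceiling = AFFECTED_MAX.get((major, minor))
    if ceiling is None:
        # The page says nothing about this branch: needs manual review.
        return "branch_not_listed"
    return "affected" if build <= ceiling else "above_listed_range"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by classification, hostnames sorted within each group."""
    result: dict[str, list[str]] = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "sw-core-01": "FL.10.11.1010",
    "sw-core-02": "10.11.1021",
    "sw-edge-07": "10.10.0002",
    "sw-edge-08": "10.10.1060",
    "sw-lab-01": "10.09.1000",
    "sw-lab-02": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```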