CVE-2022-37900
https://notcve.org/view.php?id=CVE-2022-37900
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Existen vulnerabilidades de inyección de comandos autenticadas en la interfaz de línea de comandos de ArubaOS. La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-37899
https://notcve.org/view.php?id=CVE-2022-37899
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Existen vulnerabilidades de inyección de comandos autenticadas en la interfaz de línea de comandos de ArubaOS. La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-37898
https://notcve.org/view.php?id=CVE-2022-37898
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Existen vulnerabilidades de inyección de comandos autenticadas en la interfaz de línea de comandos de ArubaOS. La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-37897
https://notcve.org/view.php?id=CVE-2022-37897
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existe una vulnerabilidad de inyección de comandos no autenticada que podría conducir a la ejecución remota de código mediante el envío de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (Aruba Networks AP management protocol). La explotación exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar código arbitrario como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-20930 – Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2022-20930
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. Una vulnerabilidad en la CLI del software Cisco SD-WAN podría permitir a un atacante local autenticado sobrescribir y posiblemente corromper archivos en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •