CVE-2021-26963
https://notcve.org/view.php?id=CVE-2021-26963
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. Se detectó una vulnerabilidad de ejecución de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la CLI de AirWave podrían permitir a usuarios autenticados remoto ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt •
CVE-2021-26964
https://notcve.org/view.php?id=CVE-2021-26964
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. Se detectó una vulnerabilidad de omisión de restricción de autenticación remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-863: Incorrect Authorization •
CVE-2021-26960
https://notcve.org/view.php?id=CVE-2021-26960
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. Se detectó una vulnerabilidad de cross-site request forgery (csrf) no autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Una vulnerabilidad en la interfaz de administración basada en web de AirWave podría permitir a un atacante remoto no autenticado conducir un ataque CSRF contra un sistema vulnerable. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-26962
https://notcve.org/view.php?id=CVE-2021-26962
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. Se detectó una vulnerabilidad de ejecución de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Unas vulnerabilidades en la CLI de AirWave podrían permitir a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-26961
https://notcve.org/view.php?id=CVE-2021-26961
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. Se detectó una vulnerabilidad de tipo cross-site request forgery (csrf) remotos no autenticados en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0. Una vulnerabilidad en la interfaz de administración basada en web de AirWave podría permitir a un atacante remoto no autenticado conducir un ataque CSRF contra un sistema vulnerable. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-352: Cross-Site Request Forgery (CSRF) •