CVE-2021-25156 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25156
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de creación de directorio arbitrario remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores; Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://www.exploit-db.com/exploits/50136 http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt •
CVE-2021-25155 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25155
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de modificación remota de archivos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.11 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.6 y anteriores; Aruba Instant versiones 8.7.x: 8.7.1.0 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://www.exploit-db.com/exploits/50136 https://www.exploit-db.com/exploits/50133 http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html http://packetstormsecurity.com/files/163524/Aruba-Instant-8.7.1.0-Arbitrary-File-Modification.html https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt •
CVE-2021-25150
https://notcve.org/view.php?id=CVE-2021-25150
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.4 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-25146
https://notcve.org/view.php?id=CVE-2021-25146
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.5.x: 6.5.4.17 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.13 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores; Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-25149
https://notcve.org/view.php?id=CVE-2021-25149
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de desbordamiento de búfer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •