CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-7082
https://notcve.org/view.php?id=CVE-2018-7082
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 Una vulnerabilidad de inyección de comandos está presente en Aruba Instant que permite a un usuario administrativo autenticado realizar comandos arbitrarios en el sistema operativo subyacente. Un administrador malicioso podría usar esta habilidad para instalar backdoors o cambiar la configuración del sistema de una manera que no quede registro. • http://www.securityfocus.com/bid/108374 https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7083
https://notcve.org/view.php?id=CVE-2018-7083
If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 Si un proceso que corre dentro de Aruba Instant se bloquea, puede conllevar a un "volcado de memoria", que contiene la memoria del proceso en el momento en que se bloqueó. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt http://www.securityfocus.com/bid/108374 https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-7080
https://notcve.org/view.php?id=CVE-2018-7080
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986. • http://www.securityfocus.com/bid/105814 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7067
https://notcve.org/view.php?id=CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. Una omisión de autenticación remota en Aruba ClearPass Policy Manager conduce al compromiso total del clúster. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7065
https://notcve.org/view.php?id=CVE-2018-7065
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. Una vulnerabilidad de inyección SQL autenticada en Aruba ClearPass Policy Manager puede conducir al escalado de privilegios. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •