CVE-2019-5326

Published: Feb 27, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

Affected (1)

Products: Arubanetworks: Airwave

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Airwave	From 8.0.0 to 8.2.10.1

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.