← Back

CVE-2021-41000

nvd nist
Published: Mar 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.

Affected (3)

Products: Hpe: Arubaos Cx
Hpe
1 product
Arubaos Cx
Configuration A
3 vulnerable · 14 platform
Vulnerable SoftwareAffected Versions
Hpe
Arubaos Cx
From 10.06.0001 to 10.06.0170
Arubaos Cx
From 10.07.0001 to 10.07.0020
Arubaos Cx
Version 10.08.0001
Running on/withPlatform Versions
Hpe
Aruba 8320
All versions
Hpe
Aruba 8325 32 C
All versions
Hpe
Aruba 8325 48y8c
All versions
Hpe
Aruba 8360 12c
All versions
Hpe
Aruba 8360 16y2c
All versions
Hpe
Aruba 8360 24xf2c
All versions
Hpe
Aruba 8360 32y4c
All versions
Hpe
Aruba 8360 48xt4c
All versions
Hpe
Aruba 8400x
All versions
Hpe
Aruba Cx 6200f
All versions
Hpe
Aruba Cx 6300f
All versions
Hpe
Aruba Cx 6300m
All versions
Hpe
Aruba Cx 6405
All versions
Hpe
Aruba Cx 6410
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.