2018-02-15 11:02:26 -05:00
{
2019-05-10 17:00:47 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
2019-03-18 06:56:43 +00:00
"CVE_data_meta" : {
"ID" : "CVE-2018-7082" ,
2019-05-10 17:00:47 +00:00
"ASSIGNER" : "security-alert@hpe.com" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "n/a" ,
"product" : {
"product_data" : [
{
"product_name" : "Aruba Instant (IAP)" ,
"version" : {
"version_data" : [
{
"version_value" : "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
}
}
]
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Authenticated command injection "
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM" ,
"name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt" ,
"url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
2019-05-14 13:00:50 +00:00
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf" ,
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
2019-05-20 16:00:45 +00:00
} ,
{
"refsource" : "BID" ,
"name" : "108374" ,
"url" : "http://www.securityfocus.com/bid/108374"
2019-05-10 17:00:47 +00:00
}
]
2019-03-18 06:56:43 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-05-10 17:00:47 +00:00
"value" : "A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
2019-03-18 06:56:43 +00:00
}
]
}
}
