7.2
CVE-2026-44872
- EPSS 0.22%
- Veröffentlicht 12.05.2026 19:18:16
- Zuletzt bearbeitet 13.05.2026 22:42:55
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
LoginAuthenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based Management Interface
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 6.5.4.0 < 8.10.0.22
Arubanetworks ≫ Arubaos Version >= 8.11.0.0 < 8.12.0.7
Arubanetworks ≫ Arubaos Version >= 8.13.0.0 < 8.13.1.2
Arubanetworks ≫ Arubaos Version >= 10.4.0.0 < 10.4.1.11
Arubanetworks ≫ Arubaos Version >= 10.5.0.0 < 10.7.2.3
Arubanetworks ≫ Sd-wan Version >= 8.6.0.4-2.2.0.0 <= 8.6.0.4-2.2.0.7
Arubanetworks ≫ Sd-wan Version >= 8.7.0.0-2.3.0.0 <= 8.7.0.0-2.3.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.441 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-alert@hpe.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.