Vulnerability Description
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Aruba Instant | >= 4.0, < 4.2.4.12 |
| Siemens | Scalance W1750D Firmware | < 8.4.0.1 |
| Siemens | Scalance W1750D | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108374Broken LinkThird Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdfThird Party Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txtVendor Advisory
- http://www.securityfocus.com/bid/108374Broken LinkThird Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdfThird Party Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txtVendor Advisory
FAQ
What is CVE-2018-7084?
CVE-2018-7084 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating sy...
How severe is CVE-2018-7084?
CVE-2018-7084 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7084?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Aruba Instant, Siemens Scalance W1750D Firmware, Siemens Scalance W1750D.