CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-22769 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22768 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22767 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22766 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22765 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22764 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22763 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22762 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22761 HIGH
Aruba SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 and ArubaOS 8.6.0.0-8.6.0.18 - Authenticated Remote Command Injection
CVSS 7.2
CVE-2023-22760 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Remote Command Injection
CVSS 7.2
CVE-2023-22759 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Remote Command Injection
CVSS 7.2
CVE-2023-22758 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Remote Command Injection
CVSS 7.2
CVE-2023-22750 CRITICAL
Aruba SD-WAN 8.7.0.0-2.3.0.7 & ArubaOS 8.6.0.0-8.6.0.18 - RCE via PAPI UDP Port
CVSS 9.8
CVE-2023-22749 CRITICAL
Aruba SD-WAN 8.7.0.0-2.3.0.7 & ArubaOS 8.6.0.0-8.6.0.18 - RCE via PAPI UDP Port
CVSS 9.8
CVE-2023-22748 CRITICAL
Aruba SD-WAN 8.7.0.0-2.3.0.7 & ArubaOS 8.6.0.0-8.6.0.18 - RCE via PAPI UDP Port
CVSS 9.8
CVE-2023-22747 CRITICAL
Aruba SD-WAN 8.7.0.0-2.3.0.7 & ArubaOS 8.6.0.0-8.6.0.18 - RCE via PAPI UDP Port
CVSS 9.8
CVE-2023-20075 MEDIUM
Cisco Secure Email Gateway - Command Injection
CVSS 6.0
CVE-2023-23080 CRITICAL
Tenda CP7/CP3/IT7-PCS/IT7-LCS/IT7-PRS - OS Command Injection
CVSS 9.8
CVE-2023-26602 CRITICAL
ASUS ASMB8-iKVM Firmware <= 1.14.51 - Remote Code Execution via SNMP Extension Creation
CVSS 9.8
CVE-2023-23295 HIGH
Korenix JetWave Series - OS Command Injection via /goform/formSysCmd sysCmd Parameter
CVSS 8.8
CVE-2023-23294 HIGH
Korenix JetWave Series - OS Command Injection via file_name Parameter
CVSS 8.8
CVE-2023-23917 HIGH
Rocket.Chat < 5.2.0 - Prototype Pollution leading to Remote Code Execution
CVSS 8.8
CVE-2023-24184 CRITICAL
TOTOLink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-25805 CRITICAL
versionn < 1.1.0 - OS Command Injection
CVSS 9.8
CVE-2023-24238 CRITICAL
TOTOLink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8