CVE-2019-5326

HIGH

Aruba Airwave VisualRF - Code Injection

Title source: llm

Description

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

References (1)

[Vendor Advisory] https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt

Scores

CVSS v3 7.2

EPSS 0.0254

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

arubanetworks/airwave < 8.2.10.1

Timeline

Published Feb 27, 2020

Tracked Since Feb 18, 2026