CVE-2020-7119

MEDIUM

Aruba Analytics & Location Engine <2.1.0.2 - Privilege Escalation

Title source: llm

Description

A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt

Scores

CVSS v3 4.9

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (2)

arubanetworks/analytics_and_location_engine 2.0.0.0

arubanetworks/analytics_and_location_engine 2.1.0.0 - 2.1.0.3

Published Sep 04, 2020

Tracked Since Feb 18, 2026