CVE-2021-25166

HIGH

Aruba AirWave < 8.2.12.1 - Unauthenticated OS Command Injection

Title source: llm

Description

A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt

Scores

CVSS v3 8.8

EPSS 0.0094

EPSS Percentile 76.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

arubanetworks/airwave < 8.2.12.1

Published Apr 29, 2021

Tracked Since Feb 18, 2026