CVE-2022-37893

HIGH

ArubaOS 10.3.0.0-10.3.1.0 and Aruba Instant 6.4.0.0-6.4.4.8-4.2.4.20 - Authenticated OS Command Injection


Description

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Affected versions: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below. Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

Scores

CVSS v3: 7.8
EPSS: 0.0078
EPSS Percentile: 74.0%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (3):
arubanetworks/arubaos 10.3.0.0 - 10.3.1.1
arubanetworks/instant 6.4.0.0 - 6.4.4.8-4.2.4.21
siemens/scalance_w1750d_firmware
Published: Oct 07, 2022
Tracked Since: Feb 18, 2026