HIGH🇵🇱 Wersja polska

CVE-2026-44852

CVSS 7.2v3.1pub. 2026-05-12upd. 2026-05-15

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Arubanetworks Arubaos

    OS
    Arubanetworks
    6.5.4.0 – 8.10.0.22 (bez)8.11.0.0 – 8.12.0.7 (bez)8.13.0.0 – 8.13.1.2 (bez)10.4.0.0 – 10.4.1.11 (bez)10.5.0.0 – 10.7.2.3 (bez)
  • Arubanetworks Sd Wan

    APP
    Arubanetworks
    8.6.0.4-2.2.0.0 – 8.6.0.4-2.2.0.78.7.0.0-2.3.0.0 – 8.7.0.0-2.3.0.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-42395CRITICAL9.8PL ✓ten sam produkt

RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)

CVE-2024-42394CRITICAL9.8PL ✓ten sam produkt

RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)

CVE-2024-42393CRITICAL9.8PL ✓ten sam produkt

RCE w Soft AP Daemon Service — ArubaOS i InstantOS

CVE-2024-31469CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE

CVE-2024-31467CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE