Improper Authentication in Aruba Instant
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-5317 |
| CWE-ID | CWE-287 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Aruba Instant Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Aruba Networks |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU53246
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5317
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication mechanisms and gain access to the Aruba Instant command line interface.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAruba Instant: - - 8.6.0.2
CPE2.3- cpe:2.3:h:aruba_networks:aruba_instant:4.2.4.18:*:*:*:*:*:*:*
- cpe:2.3:h:aruba_networks:aruba_instant:6.4.4.8:*:*:*:*:*:*:*
- cpe:2.3:h:aruba_networks:aruba_instant:6.5.4.15:*:*:*:*:*:*:*
- cpe:2.3:h:aruba_networks:aruba_instant:8.3.0.11:*:*:*:*:*:*:*
- cpe:2.3:h:aruba_networks:aruba_instant:8.4.0.5:*:*:*:*:*:*:*
- cpe:2.3:h:aruba_networks:aruba_instant:8.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:h:aruba_networks:aruba_instant:8.6.0.2:*:*:*:*:*:*:*
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
