-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2020-002
CVE: CVE-2019-5323, CVE-2019-5326
Publication Date: 2020-Feb-25

Title
=====
AirWave Management Platform Multiple Vulnerabilities

Overview
========
Multiple remote code execution vulnerabilities were found in the AirWave Management Platform. An attacker able to exploit these vulnerabilities could run arbitrary untrusted commands or code on the AirWave platform. All of these vulnerabilities require the attacker to be authenticated to the AirWave management interface.

Affected Products
=================
- AirWave Management Platform prior to 8.2.10.1

Details
=======

Remote Code Execution via Command Injection (CVE-2019-5323)
-----------------------------------------------------------
A command injection vulnerability exists in the AirWave application. Certain input fields controlled by administrative users are not properly sanitized before being parsed by AirWave. If the conditions are met, an attacker could obtain command execution on the host.

Internal reference: ATLAW-15, ATLAW-16
Severity: MEDIUM
CVSSv3 Overall Score: 6.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Remote Code Execution Due to Insecure Java Deserialization (CVE-2019-5326)
--------------------------------------------------------------------------
An administrative application user, or an application user with write-mode access to VisualRF, can obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

Internal reference: ATLAW-17
Severity: MEDIUM
CVSSv3 Overall Score: 6.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Resolution
==========
These vulnerabilities are resolved by upgrading to AirWave version 8.2.10.1 or higher.

Discovery
=========
Aruba would like to thank the following researcher for discovering and reporting these vulnerabilities:
- grouptherapy

Workarounds
===========
Restrict low-privilege AirWave console users from accessing the administrative interface until the software can be upgraded.

Exploitation and Public Discussion
==================================
Aruba is not aware of any public discussion or exploit code related to these issues.
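The command injection class described for CVE-2019-5323 is the familiar one: an admin-controlled field is concatenated into a string that a shell parses. The following is an added illustration, not AirWave code and not derived from the advisory; the field being a hostname handed to ping, and the class and method names, are assumptions made here. The vulnerable builder is shown beside a hardened one that validates the field against an allowlist pattern and passes it as a single argument with no shell in between. Commands are constructed but not executed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example (hypothetical, not AirWave code): an admin-controlled field
 *  reaching a shell unsanitized, beside a form that never invokes a shell.
 *  The argument vectors are built but not executed. */
public class HostFieldCommand {

    /** Vulnerable: the field is concatenated into one string handed to sh -c,
     *  so shell metacharacters in the field become additional commands. */
    static List<String> buildVulnerable(String host) {
        return List.of("/bin/sh", "-c", "ping -c 1 " + host);
    }

    /** Allowlist: hostname or IPv4 literal made of letters, digits, dots and
     *  hyphens, with no leading hyphen so the value cannot be read as an option. */
    private static final Pattern HOST =
        Pattern.compile("^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$");

    /** Hardened: reject anything outside the allowlist, then pass the value
     *  as its own argv element; no shell ever sees it. */
    static List<String> buildSafe(String host) {
        if (!HOST.matcher(host).matches()) {
            throw new IllegalArgumentException("invalid host field: " + host);
        }
        List<String> argv = new ArrayList<>(List.of("ping", "-c", "1"));
        argv.add(host);
        return argv;
    }

    public static void main(String[] args) {
        // Constructed attacker input for a field that should hold a host.
        String payload = "10.0.0.1; id > /tmp/pwned";

        // Vulnerable form: the whole payload is one sh -c string, so the shell
        // runs "ping -c 1 10.0.0.1" and then "id > /tmp/pwned".
        System.out.println("vulnerable argv: " + buildVulnerable(payload));

        // Hardened form: the payload fails validation before any command exists.
        try {
            buildSafe(payload);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened: " + e.getMessage());
        }
        System.out.println("hardened argv:   " + buildSafe("ap-lab-01.example.net"));
        // To execute the hardened form: new ProcessBuilder(buildSafe(host)).start()
    }
}
```

Validation alone is not the fix; the structural change is that the hardened path never builds a shell command line, so even a value that slips past the pattern is still only one argument to ping.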
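The CVE-2019-5326 description, a file on disk that the Java component later deserializes, is worth seeing in code because the fix is not "protect the file" but "stop trusting the stream". The following is an added example, not AirWave or VisualRF code and not derived from the advisory; the Settings class, the file name and the use of a standard ObjectInputFilter (JEP 290, Java 9 and later) are assumptions made here. A HashMap stands in for whatever an attacker would write into the file; no real gadget chain is used.

```java
import java.io.*;
import java.nio.file.*;

/** Added example (hypothetical, not AirWave code): the pattern CVE-2019-5326
 *  describes, a file on disk deserialized by the application, beside a
 *  version that restricts the stream to an allowlist of classes. */
public class DeserializeFromDisk {

    /** Hypothetical settings object the application persists with Java serialization. */
    public static final class Settings implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String siteName;
        public Settings(String siteName) { this.siteName = siteName; }
    }

    /** Vulnerable: whatever object graph is in the file gets instantiated. An
     *  attacker who can overwrite the file chooses the classes, i.e. a gadget chain. */
    static Object loadUnsafe(Path file) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            return in.readObject();
        }
    }

    /** Hardened: an ObjectInputFilter allowlists the expected classes, rejects
     *  everything else ("!*") and bounds graph depth and array size before any
     *  object in the stream is constructed. */
    static Settings loadFiltered(Path file) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "DeserializeFromDisk$Settings;java.lang.String;!*;maxdepth=5;maxarray=1000");
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            in.setObjectInputFilter(filter);
            return (Settings) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Path cfg = Files.createTempFile("amp-settings", ".ser");

        // The application's own write: a legitimate Settings object.
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(cfg))) {
            out.writeObject(new Settings("lab"));
        }
        System.out.println("legit, filtered:    " + loadFiltered(cfg).siteName);

        // The advisory's precondition, simulated: the file is overwritten with a
        // stream the application never intended to read. A HashMap stands in for
        // an attacker's payload; no gadget chain is used here.
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(cfg))) {
            out.writeObject(new java.util.HashMap<String, String>());
        }
        System.out.println("tampered, unsafe:   " + loadUnsafe(cfg).getClass().getName());
        try {
            loadFiltered(cfg);
        } catch (InvalidClassException e) {
            // The filter rejects HashMap before it is instantiated.
            System.out.println("tampered, filtered: rejected (" + e.getMessage() + ")");
        }
        Files.delete(cfg);
    }
}
```

The filter runs at class-resolution time, so a rejected class is never constructed and none of its readObject or resolveObject hooks execute; that is what makes an allowlist effective against gadget chains, whereas checking the file's permissions or ownership only narrows who can overwrite it. A process-wide default can also be set with the jdk.serialFilter system property so that ObjectInputStreams created elsewhere in the application are covered as well.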
Revision History
================
Revision 1 / 2020-Feb-25 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:
//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:
//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAl5N7w4ACgkQmP4JykWF
htlJBwf+LHj3BBT0OKUsY1EhmJHXeHvMmoPNgWMerogYZSLKUqj57QCkW/r7exi9
qTuFf4v08rFCfiQosu5JC/Yr6vMFPXnHUxTfZFFuyDdlECEKSvF5T6HirEnSLWv1
Uon0j7dc6vx61LOkYJGIIlQ2K8POz3xGQDVvWulKkQgpQlqSqA4Ms7zMNueOXNQS
4TzI/v1/fWsWUvMnToei7ADQWD4xXo0Qa44iJUkNacrEN0CqZjVxmi6/MRzqVIBF
rbQkpGAXV4AAkXaWqpFQGMtUbY3xfZQdLuGmpXp5hhORYCimfvq1BS5PKtMJ6Fjm
PJ28E34XhboYK9WJH53yXdReHiSubQ==
=0zV/
-----END PGP SIGNATURE-----