-----开始PGP签名消息-----哈希：SHA256 Aruba产品安全咨询===============================咨询ID：Aruba-PSA-2020-008 CVE：CVE-2020-7119出版日期：2020-SEP-01状态：确认修订版：1标题=====在分析和定位引擎中验证任意文件修改漏洞（ALE）概述======== Aruba已发布到分析和位置引擎（ALE）的更新，这些引擎（ALE）解决了本产品的Web管理界面中的高度严重性漏洞。受影响的产品=================此漏洞会影响分析和位置引擎（ALE）。上述产品的以下固件版本受影响：ALE 2.1.0。*在2.1.0.3 ALE 2.0.0之前。*详细信息=======在Web管理界面中存在漏洞，允许已验证的管理用户以任意修改文件作为底层特权操作系统用户。内部参考：ATLWL-141严重性：高CVSSv3总体分数：7.2 CVSS矢量：CVSS：3.0 / AV：N / AC：L / PR：H / UI：N / S：U / C：H / I：H / A.：H分辨率==========通过更新以下固件版本来解决此漏洞： - 2.1.0.3和更高的发现========= Aruba感谢以下研究人员发现和报告此漏洞：DUC anh nguyen解决方法===========无。开发和公开讨论================================== Aruba不知道任何公开讨论或利用代码相关这个问题。 Revision History ================ Revision 1 / 2020-Sep-01 / Initial Release Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at: //www.nexbus-cng.com/support-services/security-bulletins/ For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: //www.nexbus-cng.com/support-services/security-bulletins/ (c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAl9GwXMACgkQmP4JykWF htmS0Af/UsD3Q83IRPMQmDEbAPHWFXnUutKsUEug1/eXQMZ5sZy8yahcZ97YuXSw 51Dmdjpr07qHiqjEYfRsRQ5Md+ojFNZdd2wtLXUgqjY1hJq8qWQuBP0bMqbquGC0 FEiw7OjoXDDYW0sgG94KRll0sKmPEMHBX1/O65YDEhZiQoPntJSYUs0FqJxiqdkc oBvKk7mhH7U15F6YrcRdJOZiWAbqzGiWEt0fGBQYshA0GJGQBk+ia+Exa9Nl7GEr HIsfkH+qdxUQodkbFl2LYoO/FGQGInWFnh8liP3SU0w/pucTPpTmhh6QVoM5kL8X 6pOgrzUhyDZw1m1vOiCAlujTr0mDKQ== =JNIe -----END PGP SIGNATURE-----