-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2021-015
CVE: CVE-2021-3156, CVE-2021-37715
Publication Date: 2021-Aug-17
Status: Confirmed
Severity: High
Revision: 1

Title
=====
AirWave Management Platform Multiple Vulnerabilities

Overview
========
Aruba has released updates to AirWave Management Platform that address
multiple security vulnerabilities.

Affected Products
=================
AirWave Management Platform prior to 8.2.13.0

Details
=======

Sudo Privilege Escalation Vulnerability aka "Baron Samedit" (CVE-2021-3156)
---------------------------------------------------------------------
A vulnerability in the command-line argument parsing code of sudo could
allow an attacker with access to sudo to execute commands or binaries with
root privileges. The primary impact of this vulnerability is as part of a
"chained attack", where an attacker has gained a low-privilege foothold
through another vulnerability and then uses this vulnerability to escalate
privileges.

Internal Reference: ATLAWS-178
Severity: High
CVSSv3 Overall Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Discovery: This vulnerability was discovered by the Qualys Research Team.

AirWave Web-based Management Interface Stored Cross-Site Scripting
Vulnerability (CVE-2021-37715)
---------------------------------------------------------------------
A vulnerability in the AirWave web-based management interface could allow
a stored cross-site scripting (XSS) attack against a user of the interface.
A successful exploit could allow an attacker to execute arbitrary script
code in a victim's browser in the context of the affected interface.

Internal Reference: ATLAWS-168
Severity: Medium
CVSSv3 Overall Score: 5.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Discovery: This vulnerability was discovered and reported by Nymous
(@nymous) via Aruba's Bug Bounty Program.

Resolution
==========
Upgrade AirWave Management Platform to 8.2.13.0 and above.

Workaround
==========
To minimize the likelihood of an attacker exploiting these
vulnerabilities, Aruba recommends that the CLI and web-based management
interfaces for AirWave be restricted to a dedicated layer 2 segment/VLAN
and/or controlled by firewall policies at layer 3 and above.

Exploitation and Public Discussion
==================================
Aruba is not aware of any exploitation tools or techniques that
specifically target Aruba products.
Revision History
================
Revision 1 / 2021-AUG-17 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba
Networks products, obtaining assistance with security incidents is
available at:
//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
aruba-sirt(at)hpe.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:
//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2021 by Aruba, a Hewlett Packard Enterprise company. This
advisory may be redistributed freely after the release date given at the
top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.
-----BEGIN PGP SIGNATURE-----

iQFLBAEBCAA1FiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmEVcDwXHHNpcnRAYXJ1
YmFuZXR3b3Jrcy5jb20ACgkQmP4JykWFhtkqEAgAuSCH7y+xQCN3+3EsHAQ8yCv4
i0aaRwhPPYRa1aJj+7YX3Ep73FXakjp+7sb4Pqx8uLVPPxtWjk7jOBt4Leuefb/I
lHlj9YWB6fDrXrQPtoyNIBwmgNt614L8j5Fr4bds1w85c5KfVkfypJcuFSNm+vRC
1/Uj4tXxa3M3hl1gfi8ulBxsRrhrNAmw2xZktmsD9xiOm6Jglo+CZj3XG2toO7uO
S2MQJLLv2wpD6N2RSkpYz3bUm8yx1k/Y36Tn9Nhz73u22Q+vPZqPgb8+DLEVJcda
gIqunPLM+ebaVI5V3DtxVMW5qRz3vPRJe8zZQQwJ9wfQ2xwFRjT1hOpUeHw5uQ==
=vyKV
-----END PGP SIGNATURE-----