CVE-2020-24641 - In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an

CVE-2020-24641

Summary

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt

Vulnerable Configurations

cpe:2.3:a:arubanetworks:airwave_glass:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave_glass:1.3.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:

CWE

CWE-918

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt

Last major update

21-07-2021 - 11:39

Published

15-01-2021 - 19:15

Last modified

21-07-2021 - 11:39