CVE-2021-25163 - A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi

CVE-2021-25163

Summary

A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt

Vulnerable Configurations

cpe:2.3:a:arubanetworks:airwave:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.3.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.5.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.5.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.9:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.9:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.10:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.10:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.11:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.11:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.12:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.12:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.13:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.13:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.14:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.14:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.14.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:7.7.14.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:airwave:8.2.12.0:*:*:*:*:*:*:*

CVSS

Base:	5.5 (as of 03-05-2021 - 23:02)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:P

Last major update

03-05-2021 - 23:02

Published

29-04-2021 - 11:15

Last modified

03-05-2021 - 23:02