Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Aruba AirWave Glass Software

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2020-24640
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 78.02%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 18:48
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba AirWave Glass Software
CVE-2020-24639
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.85%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 18:33
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba AirWave Glass Software
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24638
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.72% / 85.35%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 18:29
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba AirWave Glass Software
CVE-2020-24641
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.68%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 18:26
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba AirWave Glass Software
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)