Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface_CVE-2026-44854

{
    "lastseen": "",
    "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.",
    "published": "2026-05-12T18:58:19.086Z",
    "modified": "2026-05-12T18:58:19.086Z",
    "type": "cve",
    "title": "Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US",
    "id": "CVE-2026-44854",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 8.13.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 8.12.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 8.10.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 10.8.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 10.7.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 10.4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking Wireless Operating System (AOS)",
    "version": "8.13.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}