Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24638
Reference (s):
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt
- URL: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt