CVE & CISA-KEV Catalog

CVE-2016-8526

HIGHEPSS 95th pctl
8.8
CVSS v3
NVD

Description

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.

How to fix

Remediation Available
airwaveNVD
Affected:< 8.2.3.1Fixed in:8.2.3.1CVE-2016-8526derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

9.81%probability of exploitation in 30 days
95thpercentile

High risk: more likely to be exploited than 95% of all known CVEs.

References

Vendor Advisory1
Third-Party Advisory1

Related Vulnerabilities

Other CWE-611 (XML External Entity (XXE)) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-34102Critical9.8100%KEVFix
CVE-2019-9670Critical9.8100%KEVFix
CVE-2022-28219Critical9.897%--
CVE-2024-22024High8.395%--
CVE-2024-38653High7.592%--
CVE-2017-12629Critical9.892%-Fix
Embed a live status badge for CVE-2016-8526
CVE-2016-8526 severity badge

Markdown

[![CVE-2016-8526](https://tridentstack.com/cve/badge/CVE-2016-8526.svg)](https://tridentstack.com/cve/CVE-2016-8526)

HTML

<a href="https://tridentstack.com/cve/CVE-2016-8526"><img src="https://tridentstack.com/cve/badge/CVE-2016-8526.svg" alt="CVE-2016-8526"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.