CVE-2019-5323: 
NixOS vulnerability analysis and mitigation

Command injection vulnerabilities have been identified in the AirWave application. The vulnerability, tracked as CVE-2019-5323, affects AirWave versions from 8.0.0 up to (excluding) 8.2.10.1. These vulnerabilities exist in certain input fields that are controlled by administrative users and are not properly sanitized before being parsed by AirWave (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command). The attack requires high privileges but no user interaction, and can potentially lead to complete compromise of system confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to obtain command execution on the host system. Given the CVSS metrics, the impact could be severe with potential complete compromise of system confidentiality, integrity, and availability (NVD).

Users are advised to upgrade to AirWave version 8.2.10.1 or later to address this vulnerability. The fix has been documented in the vendor advisory (Aruba Advisory).