The vulnerability is a stack‑based buffer overflow that can be triggered when an authenticated user with administrative privileges sends specially crafted requests through the command‑line interface of Hewlett Packard Enterprise Aruba Networking Wireless Operating System versions AOS‑8 or AOS‑10. The overflow occurs in multiple underlying management service components, allowing an attacker to inject and execute arbitrary code with the privileges of those services. The result is that the attacker can run code with elevated privileges on the underlying host operating system, effectively taking full control of the device. This is a classic example of a stack-based buffer overflow (CWE‑121).

AOS‑8 and AOS‑10 operating systems from Hewlett Packard Enterprise Aruba are affected. All components that process CLI requests in these versions are susceptible, so administrators who have command‑line or service access are at risk.

The CVSS score of 7.2 indicates a high‑severity vulnerability, and the EPSS score of less than 1% shows a currently low but non‑zero probability of exploitation. The vulnerability is not listed in CISA KEV, but once an attacker obtains or compromises legitimate administrative credentials, the flaw can be triggered remotely via the CLI, granting complete OS‑level takeover. This grants the attacker full confidentiality, integrity, and availability control over the affected device.