Product
arubanetworks arubaos
254 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44871
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS
7.2
HIGH
CVE-2026-44874
>= 10.4.0.0 and < 10.4.1.11
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacke
4.9
MEDIUM
CVE-2026-44873
>= 6.5.4.0 and < 8.10.0.22
A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts ar
5.4
MEDIUM
CVE-2026-44872
>= 6.5.4.0 and < 8.10.0.22
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful e
7.2
HIGH
CVE-2026-44870
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS
7.2
HIGH
CVE-2026-44869
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44868
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44867
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44866
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44865
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44864
>= 6.5.4.0 and < 8.10.0.22
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line
7.2
HIGH
CVE-2026-44863
>= 6.5.4.0 and < 8.10.0.22
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line
7.2
HIGH
CVE-2026-44862
>= 6.5.4.0 and < 8.10.0.22
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line
7.2
HIGH
CVE-2026-44861
>= 6.5.4.0 and < 8.10.0.22
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line
7.2
HIGH
CVE-2026-44860
>= 6.5.4.0 and < 8.10.0.22
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line
7.2
HIGH
CVE-2026-44859
>= 6.5.4.0 and < 8.10.0.22
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command
7.2
HIGH
CVE-2026-44858
>= 6.5.4.0 and < 8.10.0.22
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command
7.2
HIGH
CVE-2026-44857
>= 6.5.4.0 and < 8.10.0.22
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command
7.2
HIGH
CVE-2026-44856
>= 6.5.4.0 and < 8.10.0.22
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command
7.2
HIGH
CVE-2026-44855
>= 6.5.4.0 and < 8.10.0.22
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command
7.2
HIGH
CVE-2026-44854
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44853
>= 6.5.4.0 and < 8.10.0.22
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful ex
7.2
HIGH
CVE-2026-44852
>= 6.5.4.0 and < 8.10.0.22
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerabilit
7.2
HIGH
CVE-2026-23827
>= 6.5.4.0 and < 8.10.0.22
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthen
7.5
HIGH
CVE-2026-23826
>= 6.5.4.0 and < 8.10.0.22
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploi
7.5
HIGH
CVE-2026-23825
>= 6.5.4.0 and < 8.10.0.22
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could ex
7.5
HIGH
CVE-2026-23824
>= 6.5.4.0 and < 8.10.0.22
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could ex
7.5
HIGH
CVE-2026-23817
>= 10.06.0000 and < 10.10.1180
A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirec
6.5
MEDIUM
CVE-2026-23812
>= 6.5.4.0 and <= 8.10.0.21
A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can imp
4.3
MEDIUM
CVE-2026-23811
>= 6.5.4.0 and <= 8.10.0.21
A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between
4.3
MEDIUM
CVE-2026-23810
>= 6.5.4.0 and <= 8.10.0.21
A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame t
4.3
MEDIUM
CVE-2026-23809
>= 6.5.4.0 and <= 8.10.0.21
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By levera
5.4
MEDIUM
CVE-2026-23808
>= 6.5.4.0 and <= 8.10.0.21
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an
5.4
MEDIUM
CVE-2026-23601
>= 6.5.4.0 and <= 8.10.0.21
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate sha
5.4
MEDIUM
CVE-2025-37179
>= 8.6.0.0 and < 8.10.0.21
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. D
5.3
MEDIUM
CVE-2025-37178
>= 8.6.0.0 and < 8.10.0.21
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. D
5.3
MEDIUM
CVE-2025-37177
>= 6.5.4.0 and < 8.10.0.21
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either A
6.5
MEDIUM
CVE-2025-37176
>= 8.6.0.0 and < 8.10.0.21
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell comma
6.5
MEDIUM
CVE-2025-37175
>= 6.5.4.0 and < 8.10.0.21
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or A
7.2
HIGH
CVE-2025-37174
>= 6.5.4.0 and < 8.10.0.21
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running eithe
7.2
HIGH
CVE-2025-37173
>= 6.5.4.0 and < 8.10.0.21
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10
7.2
HIGH
CVE-2025-37172
>= 8.6.0.0 and < 8.10.0.21
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 o
7.2
HIGH
CVE-2025-37171
>= 8.6.0.0 and < 8.10.0.21
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 o
7.2
HIGH
CVE-2025-37170
>= 8.6.0.0 and < 8.10.0.21
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 o
7.2
HIGH
CVE-2025-37169
>= 10.3.0.0 and < 10.4.1.10
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation
7.2
HIGH
CVE-2025-37168
>= 6.5.4.0 and < 8.10.0.21
Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating sys
8.2
HIGH
CVE-2025-37162
< 10.7.2.0
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a comman
6.5
MEDIUM
CVE-2025-37161
< 10.7.2.0
A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause
7.5
HIGH
CVE-2025-37160
>= 10.10.0000 and < 10.10.1170
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker wit
5.3
MEDIUM
CVE-2025-37159
>= 10.10.0000 and < 10.10.1170
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote a
5.8
MEDIUM
CVE-2025-37158
>= 10.10.0000 and < 10.10.1170
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remo
6.7
MEDIUM
CVE-2025-37157
>= 10.10.0000 and < 10.10.1170
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remo
6.7
MEDIUM
CVE-2025-37156
>= 10.10.0000 and < 10.10.1170
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerabilit
6.8
MEDIUM
CVE-2025-37155
>= 10.10.0000 and < 10.10.1170
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authen
7.8
HIGH
CVE-2025-37145
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conducto
4.9
MEDIUM
CVE-2025-37144
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conducto
4.9
MEDIUM
CVE-2025-37143
>= 8.10.0.0 and < 8.10.0.19
An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility C
4.9
MEDIUM
CVE-2025-37142
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating sys
4.9
MEDIUM
CVE-2025-37141
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating sys
4.9
MEDIUM
CVE-2025-37140
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating sys
4.9
MEDIUM
CVE-2025-37138
>= 8.10.0.0 and < 8.10.0.19
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mo
6.2
MEDIUM
CVE-2025-37137
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conduct
6.5
MEDIUM
CVE-2025-37136
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conduct
6.5
MEDIUM
CVE-2025-37135
>= 8.10.0.0 and < 8.10.0.19
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conduct
6.5
MEDIUM
CVE-2025-37134
>= 8.10.0.0 and < 8.10.0.19
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating syst
7.2
HIGH
CVE-2025-37133
>= 8.10.0.0 and < 8.10.0.19
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating syst
7.2
HIGH
CVE-2025-37132
>= 8.10.0.0 and < 8.10.0.19
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobi
7.2
HIGH
CVE-2025-27085
>= 8.10.0.0 and < 8.10.0.16
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Success
4.9
MEDIUM
CVE-2025-27084
>= 8.10.0.0 and < 8.10.0.16
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to con
5.4
MEDIUM
CVE-2025-27083
>= 8.10.0.0 and < 8.10.0.16
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based managemen
7.2
HIGH
CVE-2025-27082
>= 8.10.0.0 and < 8.10.0.16
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobili
7.2
HIGH
CVE-2024-42400
>= 10.4.0.0 and < 10.4.1.2
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Succe
5.3
MEDIUM
CVE-2024-42399
>= 10.4.0.0 and < 10.4.1.2
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Succe
5.3
MEDIUM
CVE-2024-42398
>= 10.4.0.0 and < 10.4.1.2
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Succe
5.3
MEDIUM
CVE-2024-42395
>= 10.3.0.0 and < 10.4.1.4
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated R
9.8
CRITICAL
CVE-2024-42394
>= 10.3.0.0 and < 10.4.1.4
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack.
9.8
CRITICAL
CVE-2024-42393
>= 10.3.0.0 and < 10.4.1.4
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack.
9.8
CRITICAL
CVE-2024-31483
>= 10.3.0.0 and < 10.4.1.1
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successf
4.9
MEDIUM
CVE-2024-31482
>= 10.3.0.0 and < 10.4.1.1
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Su
5.3
MEDIUM
CVE-2024-31481
>= 10.3.0.0 and < 10.4.1.1
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploi
5.3
MEDIUM
CVE-2024-31480
>= 10.3.0.0 and < 10.4.1.1
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploi
5.3
MEDIUM
CVE-2024-31479
>= 10.3.0.0 and < 10.4.1.1
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol
5.3
MEDIUM
CVE-2024-31478
>= 10.3.0.0 and < 10.4.1.1
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Succ
5.3
MEDIUM
CVE-2024-31477
>= 10.3.0.0 and < 10.4.1.1
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vul
7.2
HIGH
CVE-2024-31476
>= 10.3.0.0 and < 10.4.1.1
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vul
7.2
HIGH
CVE-2024-31475
>= 10.3.0.0 and < 10.4.1.1
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point man
8.2
HIGH
CVE-2024-31474
>= 10.3.0.0 and < 10.4.1.1
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol).
8.2
HIGH
CVE-2024-31473
>= 10.3.0.0 and < 10.4.1.1
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote co
9.8
CRITICAL
CVE-2024-31472
>= 10.3.0.0 and < 10.4.1.1
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote cod
9.8
CRITICAL
CVE-2024-31471
>= 10.3.0.0 and < 10.4.1.1
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated rem
9.8
CRITICAL
CVE-2024-31470
>= 10.3.0.0 and < 10.4.1.1
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to
9.8
CRITICAL
CVE-2024-31469
>= 10.3.0.0 and < 10.4.1.1
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remo
9.8
CRITICAL
CVE-2024-31468
>= 10.3.0.0 and < 10.4.1.1
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remo
9.8
CRITICAL
CVE-2024-31467
>= 10.3.0.0 and < 10.4.1.1
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution b
9.8
CRITICAL
CVE-2024-31466
>= 10.3.0.0 and < 10.4.1.1
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution b
9.8
CRITICAL
CVE-2024-33518
>= 8.10.0.0 and < 8.10.0.10
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI proto
5.3
MEDIUM
CVE-2024-33517
>= 8.10.0.0 and <= 8.10.0.10
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI proto
5.3
MEDIUM
CVE-2024-33516
>= 8.10.0.0 and <= 8.10.0.10
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by Ar
5.3
MEDIUM
CVE-2024-33515
>= 8.10.0.0 and <= 8.10.0.10
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Success
5.3
MEDIUM
CVE-2024-33514
>= 8.10.0.0 and <= 8.10.0.10
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Success
5.3
MEDIUM
CVE-2024-33513
>= 8.10.0.0 and <= 8.10.0.10
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Success
5.9
MEDIUM
CVE-2024-25616
>= 8.10.0.0 and < 8.10.0.10
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUT
3.7
LOW
CVE-2024-25615
>= 8.10.0.0 and < 8.10.0.10
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS
5.3
MEDIUM
CVE-2024-25614
>= 8.10.0.0 and < 8.10.0.10
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability result
5.5
MEDIUM
CVE-2024-25613
>= 8.10.0.0 and < 8.10.0.10
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2024-25612
>= 8.10.0.0 and < 8.10.0.10
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2024-25611
>= 8.10.0.0 and < 8.10.0.10
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2024-1356
>= 8.10.0.0 and <= 8.10.0.9
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-45627
>= 10.3.0.0 and < 10.4.0.3
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability re
4.3
MEDIUM
CVE-2023-45626
>= 10.3.0.0 and < 10.4.0.3
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbi
5.5
MEDIUM
CVE-2023-45625
>= 10.3.0.0 and < 10.4.0.3
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vul
7.2
HIGH
CVE-2023-45624
>= 10.3.0.0 and < 10.4.0.3
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful e
7.5
HIGH
CVE-2023-45623
>= 10.3.0.0 and < 10.4.0.3
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successf
7.5
HIGH
CVE-2023-45622
>= 10.3.0.0 and < 10.4.0.3
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful
7.5
HIGH
CVE-2023-45621
>= 10.3.0.0 and < 10.4.0.3
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploi
7.5
HIGH
CVE-2023-45620
>= 10.3.0.0 and < 10.4.0.3
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploi
7.5
HIGH
CVE-2023-45619
>= 10.3.0.0 and < 10.4.0.3
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol).
8.2
HIGH
CVE-2023-45618
>= 10.3.0.0 and < 10.4.0.3
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management
8.2
HIGH
CVE-2023-45617
>= 10.3.0.0 and < 10.4.0.3
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol).
8.2
HIGH
CVE-2023-45616
>= 10.3.0.0 and < 10.4.0.3
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code e
9.8
CRITICAL
CVE-2023-45615
>= 10.3.0.0 and < 10.4.0.3
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution b
9.8
CRITICAL
CVE-2023-45614
>= 10.3.0.0 and < 10.4.0.3
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution b
9.8
CRITICAL
CVE-2023-38486
>= 8.6.0.0 and < 8.6.0.22
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an atta
7.7
HIGH
CVE-2023-38485
>= 8.6.0.0 and < 8.6.0.22
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attac
8.0
HIGH
CVE-2023-38484
>= 8.6.0.0 and < 8.6.0.22
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attac
8.0
HIGH
CVE-2023-39268
< a.15.16.0026
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially cra
4.5
MEDIUM
CVE-2023-39267
< a.15.16.0026
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitati
6.6
MEDIUM
CVE-2023-39266
< a.15.16.0026
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored
8.3
HIGH
CVE-2023-3718
>= 10.10.0000 and <= 10.10.1050
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vuln
8.8
HIGH
CVE-2023-35982
>= 10.4.0.0 and < 10.4.0.2
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2023-35981
>= 10.4.0.0 and < 10.4.0.2
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2023-35980
>= 10.4.0.0 and < 10.4.0.2
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2023-35979
>= 6.5.4.0 and < 8.6.0.21
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface.
5.3
MEDIUM
CVE-2023-35978
>= 6.5.4.0 and < 8.6.0.21
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) atta
6.1
MEDIUM
CVE-2023-35977
>= 6.5.4.0 and < 8.6.0.21
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interfac
6.5
MEDIUM
CVE-2023-35976
>= 6.5.4.0 and < 8.6.0.21
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interfac
6.5
MEDIUM
CVE-2023-35975
>= 6.5.4.0 and < 8.6.0.21
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vuln
6.5
MEDIUM
CVE-2023-35974
>= 6.5.4.0 and < 8.6.0.21
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vu
7.2
HIGH
CVE-2023-35973
>= 6.5.4.0 and < 8.6.0.21
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vu
7.2
HIGH
CVE-2023-35972
>= 6.5.4.0 and < 8.6.0.21
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploit
7.2
HIGH
CVE-2023-35971
>= 6.5.4.0 and < 8.6.0.21
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored
8.8
HIGH
CVE-2023-22791
>= 10.3.0.0 and <= 10.3.1.0
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLA
5.4
MEDIUM
CVE-2023-22790
>= 10.3.0.0 and <= 10.3.1.0
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Suc
7.2
HIGH
CVE-2023-22789
>= 10.3.0.0 and <= 10.3.1.0
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Suc
7.2
HIGH
CVE-2023-22788
>= 10.3.0.0 and <= 10.3.1.0
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Suc
7.2
HIGH
CVE-2023-22787
>= 10.3.0.0 and <= 10.3.1.0
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba Ins
7.5
HIGH
CVE-2023-22786
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22785
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22784
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22783
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22782
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22781
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22780
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-22779
>= 10.3.0.0 and <= 10.3.1.0
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code executio
9.8
CRITICAL
CVE-2023-1168
>= 10.06.0000 and < 10.06.0240
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitatio
7.2
HIGH
CVE-2023-22778
>= 8.6.0.0 and <= 8.6.0.19
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-sit
4.8
MEDIUM
CVE-2023-22777
>= 8.6.0.0 and <= 8.6.0.19
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitatio
4.9
MEDIUM
CVE-2023-22776
>= 8.6.0.0 and <= 8.6.0.19
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulner
4.9
MEDIUM
CVE-2023-22775
>= 8.6.0.0 and <= 8.6.0.19
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interfac
6.5
MEDIUM
CVE-2023-22774
>= 8.6.0.0 and <= 8.6.0.19
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnera
7.2
HIGH
CVE-2023-22773
>= 8.6.0.0 and <= 8.6.0.19
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnera
7.2
HIGH
CVE-2023-22772
>= 8.6.0.0 and <= 8.6.0.19
An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of thi
6.5
MEDIUM
CVE-2023-22771
>= 8.6.0.0 and <= 8.6.0.19
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vul
6.8
MEDIUM
CVE-2023-22770
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22769
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22768
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22767
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22766
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22765
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22764
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22763
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22762
>= 8.6.0.0 and <= 8.6.0.19
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2023-22761
>= 8.6.0.0 and <= 8.6.0.19
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitatio
7.2
HIGH
CVE-2023-22760
>= 8.6.0.0 and <= 8.6.0.19
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitatio
7.2
HIGH
CVE-2023-22759
>= 8.6.0.0 and <= 8.6.0.19
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitatio
7.2
HIGH
CVE-2023-22758
>= 8.6.0.0 and <= 8.6.0.19
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitatio
7.2
HIGH
CVE-2023-22757
>= 8.6.0.0 and <= 8.6.0.19
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated rem
8.1
HIGH
CVE-2023-22756
>= 8.6.0.0 and <= 8.6.0.19
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated rem
8.1
HIGH
CVE-2023-22755
>= 8.6.0.0 and <= 8.6.0.19
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated rem
8.1
HIGH
CVE-2023-22754
>= 8.6.0.0 and <= 8.6.0.19
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated rem
8.1
HIGH
CVE-2023-22753
>= 8.6.0.0 and <= 8.6.0.19
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated rem
8.1
HIGH
CVE-2023-22752
>= 8.6.0.0 and <= 8.6.0.19
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending speciall
9.8
CRITICAL
CVE-2023-22751
>= 8.6.0.0 and <= 8.6.0.19
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending speciall
9.8
CRITICAL
CVE-2023-22750
>= 8.6.0.0 and <= 8.6.0.19
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially
9.8
CRITICAL
CVE-2023-22749
>= 8.6.0.0 and <= 8.6.0.19
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially
9.8
CRITICAL
CVE-2023-22748
>= 8.6.0.0 and <= 8.6.0.19
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially
9.8
CRITICAL
CVE-2023-22747
>= 8.6.0.0 and <= 8.6.0.19
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially
9.8
CRITICAL
CVE-2022-37912
>= 6.5.4.0 and < 6.5.4.22
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2022-37911
>= 6.5.4.0 and < 6.5.4.22
Due to improper restrictions on XML entities, multiple vulnerabilities exist in the command line interface of ArubaOS. A successful
3.8
LOW
CVE-2022-37910
>= 6.5.4.0 and < 6.5.4.22
A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result
4.4
MEDIUM
CVE-2022-37909
>= 6.5.4.0 and < 6.5.4.22
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSID
5.3
MEDIUM
CVE-2022-37908
>= 6.5.4.0 and < 6.5.4.22
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation c
5.8
MEDIUM
CVE-2022-37907
>= 6.5.4.0 and < 6.5.4.22
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) conditio
5.8
MEDIUM
CVE-2022-37906
>= 6.5.4.0 and < 6.5.4.22
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnera
6.5
MEDIUM
CVE-2022-37905
>= 6.5.4.0 and < 6.5.4.22
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the b
6.6
MEDIUM
CVE-2022-37904
>= 6.5.4.0 and < 6.5.4.22
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the b
6.6
MEDIUM
CVE-2022-37903
>= 6.5.4.0 and < 6.5.4.23
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via t
7.2
HIGH
CVE-2022-37902
>= 6.5.4.0 and < 6.5.4.23
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2022-37901
>= 6.5.4.0 and < 6.5.4.23
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2022-37900
>= 6.5.4.0 and < 6.5.4.23
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2022-37899
>= 6.5.4.0 and < 6.5.4.23
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2022-37898
>= 6.5.4.0 and < 6.5.4.23
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vuln
7.2
HIGH
CVE-2022-37897
>= 6.5.4.0 and < 6.5.4.22
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted p
9.8
CRITICAL
CVE-2022-37896
>= 10.3.0.0 and < 10.3.1.1
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflecte
6.1
MEDIUM
CVE-2022-37895
>= 10.3.0.0 and < 10.3.1.1
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and Aru
4.9
MEDIUM
CVE-2022-37894
>= 10.3.0.0 and < 10.3.1.1
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and Aru
6.5
MEDIUM
CVE-2022-37893
>= 10.3.0.0 and < 10.3.1.1
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful e
7.8
HIGH
CVE-2022-37892
>= 10.3.0.0 and < 10.3.1.1
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to c
5.4
MEDIUM
CVE-2022-37891
>= 10.3.0.0 and < 10.3.1.1
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successf
9.8
CRITICAL
CVE-2022-37890
>= 10.3.0.0 and < 10.3.1.1
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successf
9.8
CRITICAL
CVE-2022-37889
>= 10.3.0.0 and < 10.3.1.1
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2022-37887
>= 10.3.0.0 and < 10.3.1.1
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2022-37886
>= 10.3.0.0 and < 10.3.1.1
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2022-37885
>= 10.3.0.0 and < 10.3.1.1
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2022-37888
>= 10.3.0.0 and < 10.3.1.1
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution
9.8
CRITICAL
CVE-2021-41003
>= 10.06.0001 and <= 10.06.0170
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Se
6.1
MEDIUM
CVE-2021-41002
>= 10.06.0001 and <= 10.06.0170
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200
8.1
HIGH
CVE-2021-41001
>= 10.07.0001 and <= 10.07.0050
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F
8.8
HIGH
CVE-2021-41000
>= 10.06.0001 and <= 10.06.0170
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200
8.8
HIGH
CVE-2002-20001
>= 10.06.0000 and < 10.06.0180
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actual
7.5
HIGH
CVE-2021-37733
>= 8.3.0.0 and < 8.3.0.16
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versio
4.9
MEDIUM
CVE-2021-37731
>= 8.3.0.0 and < 8.3.0.15
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version
6.2
MEDIUM
CVE-2021-37729
>= 6.4.4.0 and < 6.4.4.25
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versio
6.5
MEDIUM
CVE-2021-37728
>= 8.5.0.0 and < 8.5.0.13
A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6
6.5
MEDIUM
CVE-2021-37725
>= 8.3.0.0 and < 8.3.0.15
A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating Sys
8.1
HIGH
CVE-2021-37724
>= 8.3.0.0 and < 8.3.0.16
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2,
7.2
HIGH
CVE-2021-37723
>= 8.3.0.0 and < 8.3.0.16
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2,
7.2
HIGH
CVE-2021-37722
>= 6.4.4.0 and < 6.4.4.25
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System So
7.2
HIGH
CVE-2021-37721
>= 6.4.4.0 and < 6.4.4.25
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System So
7.2
HIGH
CVE-2021-37720
>= 6.4.4.0 and < 6.4.4.25
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System So
7.2
HIGH
CVE-2021-37719
>= 6.4.4.0 and < 6.4.4.25
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System So
7.2
HIGH
CVE-2021-37718
>= 8.3.0.0 and < 8.3.0.16
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System So
7.2
HIGH
CVE-2021-37717
>= 8.3.0.0 and < 8.3.0.16
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System So
7.2
HIGH
CVE-2021-37716
>= 8.3.0.0 and < 8.3.0.15
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versi
9.8
CRITICAL
CVE-2019-5318
>= 6.1.3.7 and <= 6.5.4.20
A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: al
6.5
MEDIUM
CVE-2020-24637
< 8.5.0.11
Two vulnerabilities in the ArubaOS GRUB2 implementation allow an attacker to bypass secureboot. Successful exploitation of this v
7.2
HIGH
CVE-2020-24634
< 8.2.2.10
An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networ
9.8
CRITICAL
CVE-2020-24633
< 6.4.4.24
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially
9.8
CRITICAL
CVE-2016-2032
all versions
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying syst
7.5
HIGH
CVE-2016-2031
all versions
Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input
9.8
CRITICAL
CVE-2019-5315
>= 8.0.0.0 and < 8.3.0.0
A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to exec
7.2
HIGH
CVE-2019-5314
< 6.4.4.20
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attac
6.1
MEDIUM
CVE-2018-7081
< 6.4.4.21
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the
9.8
CRITICAL
CVE-2018-7080
>= 6.4.4.0 and < 6.4.4.20
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able t
7.5
HIGH
CVE-2017-9003
all versions
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With
7.5
HIGH
CVE-2017-9000
< 6.3.1.25
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior
9.8
CRITICAL
CVE-2017-14491
>= 6.3.1 and < 6.3.1.25
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrar
9.8
CRITICAL
CVE-2015-1388
<= 6.2.3.9
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in
CVE-2014-7299
all versions
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba cont
CVE-2013-2290
all versions
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x befo
CVE-2009-3836
all versions
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a de
CVE-2008-7095
all versions
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1
CVE-2008-7023
all versions
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for a
CVE-2008-2273
<= 3.3
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remot
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin