Skip to main content

Arubaos

187 CVEs product

Monthly

CVE-2026-23812 MEDIUM This Month

ArubaOS access points are vulnerable to gateway impersonation attacks when clients connect via wired or wireless interfaces, allowing unauthenticated attackers to redirect network traffic into a man-in-the-middle position. An attacker can exploit address-based spoofing to intercept or modify data streams intended for the legitimate gateway, compromising the confidentiality of client communications. No patch is currently available.

Information Disclosure Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23811 MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to bypass Layer 2 (L2) communication restrictions between clients and redirect traf (CVSS 4.3).

Authentication Bypass Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23810 MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks (CVSS 4.3).

Code Injection Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23809 MEDIUM This Month

Traffic interception in ArubaOS Wi-Fi networks allows adjacent attackers to bypass BSSID isolation controls and redirect victim traffic by exploiting port associations across multiple wireless networks. Successful attacks could enable eavesdropping, session hijacking, or denial of service without authentication or user interaction. No patch is currently available for this medium-severity vulnerability.

Denial Of Service Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23808 MEDIUM This Month

Malicious actors can install unauthorized Group Temporal Keys on ArubaOS wireless clients through a standardized roaming protocol vulnerability, enabling frame injection and network segmentation bypass. An attacker positioned on the local network could leverage this to intercept traffic, bypass client isolation, and compromise network integrity and confidentiality. No patch is currently available.

RCE Code Injection Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23601 MEDIUM This Month

Improper cryptographic validation in ArubaOS Wi-Fi encryption allows adjacent network attackers to forge authenticated frames by spoofing the primary BSSID and inject tampered data to targeted clients without authentication. This medium-severity flaw (CVSS 5.4) bypasses standard encryption separation between wireless endpoints, enabling data manipulation on affected networks. No patch is currently available.

Authentication Bypass Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-37179 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]

Denial Of Service Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-37178 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]

Denial Of Service Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-37177 MEDIUM This Month

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37176 MEDIUM This Month

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. [CVSS 6.5 MEDIUM]

Command Injection Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37175 HIGH This Week

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

File Upload RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37174 HIGH This Week

Arubaos contains a vulnerability that allows attackers to an authenticated malicious actor to create or modify arbitrary files and execute (CVSS 7.2).

RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37173 HIGH This Week

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

Code Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37172 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37171 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37170 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37169 HIGH This Week

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. [CVSS 7.2 HIGH]

Stack Overflow Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37168 HIGH This Week

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. [CVSS 8.2 HIGH]

Path Traversal Information Disclosure Arubaos
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-37162 MEDIUM This Month

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37161 HIGH This Month

A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-27085 MEDIUM This Month

Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-27084 MEDIUM This Month

A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27083 HIGH This Week

Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-27082 HIGH This Week

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-42400 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42399 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42398 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42395 CRITICAL Act Now

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-42394 CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42393 CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31483 MEDIUM This Month

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-31482 HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31481 HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31480 HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31479 HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31478 HIGH This Week

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31477 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-31476 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-31475 HIGH This Week

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-31474 HIGH This Week

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-31473 CRITICAL Act Now

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-31472 CRITICAL Act Now

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-31471 CRITICAL Act Now

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-31470 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-31469 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31468 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31467 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31466 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-33518 MEDIUM This Month

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-33517 HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33516 HIGH This Week

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33515 HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33514 HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33513 MEDIUM This Month

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-25616 LOW Monitor

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Aruba Arubaos
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2024-25615 MEDIUM This Month

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-25614 CRITICAL Act Now

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-25613 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-25612 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-25611 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-1356 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-45627 MEDIUM This Month

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-45626 HIGH This Week

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Arubaos Instantos
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-45625 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-45624 HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45623 HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45622 HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45621 HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45620 HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45619 HIGH This Week

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45618 HIGH This Week

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45617 HIGH This Week

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45616 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-45615 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-45614 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-38486 MEDIUM This Month

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned. Rated medium severity (CVSS 6.4). No vendor patch available.

Aruba Authentication Bypass Arubaos
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-38485 MEDIUM This Month

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow RCE Aruba Arubaos
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-38484 MEDIUM This Month

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Code Injection Aruba Arubaos
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-35982 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35981 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35980 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35979 HIGH This Week

There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35978 MEDIUM This Month

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35977 MEDIUM This Month

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35976 MEDIUM This Month

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35975 HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-35974 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-35973 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-35972 HIGH This Week

An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-35971 MEDIUM This Month

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
6.1
EPSS
0.6%
EPSS 0% CVSS 4.3
MEDIUM This Month

ArubaOS access points are vulnerable to gateway impersonation attacks when clients connect via wired or wireless interfaces, allowing unauthenticated attackers to redirect network traffic into a man-in-the-middle position. An attacker can exploit address-based spoofing to intercept or modify data streams intended for the legitimate gateway, compromising the confidentiality of client communications. No patch is currently available.

Information Disclosure Arubaos
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to bypass Layer 2 (L2) communication restrictions between clients and redirect traf (CVSS 4.3).

Authentication Bypass Arubaos
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks (CVSS 4.3).

Code Injection Arubaos
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Traffic interception in ArubaOS Wi-Fi networks allows adjacent attackers to bypass BSSID isolation controls and redirect victim traffic by exploiting port associations across multiple wireless networks. Successful attacks could enable eavesdropping, session hijacking, or denial of service without authentication or user interaction. No patch is currently available for this medium-severity vulnerability.

Denial Of Service Arubaos
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Malicious actors can install unauthorized Group Temporal Keys on ArubaOS wireless clients through a standardized roaming protocol vulnerability, enabling frame injection and network segmentation bypass. An attacker positioned on the local network could leverage this to intercept traffic, bypass client isolation, and compromise network integrity and confidentiality. No patch is currently available.

RCE Code Injection Arubaos
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper cryptographic validation in ArubaOS Wi-Fi encryption allows adjacent network attackers to forge authenticated frames by spoofing the primary BSSID and inject tampered data to targeted clients without authentication. This medium-severity flaw (CVSS 5.4) bypasses standard encryption separation between wireless endpoints, enabling data manipulation on affected networks. No patch is currently available.

Authentication Bypass Arubaos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]

Denial Of Service Arubaos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]

Denial Of Service Arubaos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Arubaos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. [CVSS 6.5 MEDIUM]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

File Upload RCE Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Arubaos contains a vulnerability that allows attackers to an authenticated malicious actor to create or modify arbitrary files and execute (CVSS 7.2).

RCE Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

Code Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. [CVSS 7.2 HIGH]

Stack Overflow Arubaos
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. [CVSS 8.2 HIGH]

Path Traversal Information Disclosure Arubaos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.5
HIGH This Month

A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arubaos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
EPSS 0% CVSS 8.2
HIGH This Week

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Aruba Arubaos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Arubaos +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
EPSS 1% CVSS 8.2
HIGH This Week

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned. Rated medium severity (CVSS 6.4). No vendor patch available.

Aruba Authentication Bypass Arubaos
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Code Injection Aruba +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Arubaos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy