Skip to main content

Arubaos

187 CVEs product

Monthly

CVE-2023-22791 MEDIUM This Month

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials. Rated medium severity (CVSS 4.8). No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-22790 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22789 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22788 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22787 HIGH This Week

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aruba Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-22786 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22785 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22784 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22783 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22782 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22781 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22780 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22779 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22778 MEDIUM This Month

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sd Wan Arubaos
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-22777 MEDIUM This Month

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22776 MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-22775 MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22774 MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22773 MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22772 MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22771 LOW Monitor

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Sd Wan
NVD
CVSS 3.1
2.4
EPSS
0.4%
CVE-2023-22770 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22769 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22768 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22767 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22766 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22765 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22764 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22763 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22762 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22761 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22760 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22759 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22758 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22757 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22756 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22755 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22754 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22753 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22752 CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Aruba Sd Wan +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-22751 CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Aruba Sd Wan +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-22750 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22749 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22748 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22747 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-37912 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-37911 MEDIUM This Month

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Sd Wan Arubaos
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-37910 MEDIUM This Month

A buffer overflow vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37909 MEDIUM This Month

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Aruba Sd Wan Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-37908 MEDIUM This Month

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-37907 HIGH This Week

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sd Wan Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37906 HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-37905 HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37904 HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37903 HIGH This Week

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37902 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37901 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37900 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37899 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37898 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-37897 CRITICAL Act Now

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-37896 MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba XSS Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37895 MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-37894 MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-37893 HIGH This Week

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-37892 MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37891 CRITICAL Act Now

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Buffer Overflow Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37890 CRITICAL Act Now

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Buffer Overflow Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37889 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37887 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37886 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-37885 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-37888 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37733 MEDIUM POC This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-37731 MEDIUM PATCH This Month

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12,. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-37729 MEDIUM PATCH This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37728 MEDIUM This Month

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-37725 HIGH PATCH This Week

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-37724 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37723 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37722 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37721 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37720 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37719 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-37718 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37717 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37716 CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-24637 HIGH This Week

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-24634 CRITICAL Act Now

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-24633 CRITICAL Act Now

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Sd Wan
NVD
CVSS 3.1
9.8
EPSS
4.9%
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials. Rated medium severity (CVSS 4.8). No vendor patch available.

Information Disclosure Aruba Arubaos +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aruba Arubaos +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sd Wan Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
EPSS 0% CVSS 2.4
LOW Monitor

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Sd Wan +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Sd Wan +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Aruba Sd Wan +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Sd Wan +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba XSS Arubaos +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Arubaos +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Buffer Overflow Arubaos +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Buffer Overflow Arubaos +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aruba Sd Wan +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12,. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Path Traversal Aruba Sd Wan +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Aruba Sd Wan +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Arubaos +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos +1
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Sd Wan +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Arubaos +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy