Skip to main content

Sd Wan

107 CVEs product

Monthly

CVE-2023-20034 HIGH PATCH This Week

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Elastic Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20113 HIGH This Week

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Sd Wan
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-22778 MEDIUM This Month

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sd Wan Arubaos
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-22777 MEDIUM This Month

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22776 MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-22775 MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22774 MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22773 MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22772 MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22771 LOW Monitor

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Sd Wan
NVD
CVSS 3.1
2.4
EPSS
0.4%
CVE-2023-22770 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22769 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22768 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22767 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22766 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22765 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22764 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22763 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22762 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22761 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22760 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22759 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22758 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22757 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22756 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22755 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22754 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22753 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22752 CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Aruba Sd Wan +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-22751 CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Aruba Sd Wan +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-22750 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22749 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22748 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22747 CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-37912 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-37911 MEDIUM This Month

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Sd Wan Arubaos
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-37910 MEDIUM This Month

A buffer overflow vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37909 MEDIUM This Month

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Aruba Sd Wan Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-37908 MEDIUM This Month

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-37907 HIGH This Week

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sd Wan Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37906 HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-37905 HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37904 HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37903 HIGH This Week

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Sd Wan Arubaos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37902 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37901 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37900 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37899 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-37898 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-37897 CRITICAL Act Now

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-20930 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vmanage +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20850 HIGH This Week

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal Sd Wan Vbond Orchestrator Sd Wan Vmanage +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-20844 MEDIUM This Month

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-20818 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Sd Wan Vbond Orchestrator Sd Wan Vmanage Sd Wan Vsmart Controller +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-20775 HIGH POC KEV THREAT This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cisco Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vedge Cloud +2
NVD GitHub
CVSS 3.1
7.8
EPSS
12.5%
CVE-2022-20716 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Sd Wan Manager Sd Wan Solution Sd Wan Vbond Orchestrator +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22956 HIGH This Week

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware Gateway Sd Wan
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34726 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Sd Wan
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-1612 HIGH PATCH This Week

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Cisco Apple Information Disclosure Sd Wan
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-1589 MEDIUM PATCH This Month

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37733 MEDIUM POC This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-37731 MEDIUM PATCH This Month

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12,. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-37729 MEDIUM PATCH This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37725 HIGH PATCH This Week

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-37722 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37721 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37720 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37719 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-37718 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37717 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37716 CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-1614 MEDIUM PATCH This Month

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-24637 HIGH This Week

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-24634 CRITICAL Act Now

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-24633 CRITICAL Act Now

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Sd Wan
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-8273 HIGH This Week

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Citrix Sd Wan
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8272 HIGH This Week

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Sd Wan
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8271 CRITICAL Act Now

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Sd Wan
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2020-3600 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3595 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3594 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3593 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27128 MEDIUM This Month

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Sd Wan
NVD
CVSS 3.1
6.5
EPSS
60.8%
CVE-2020-3536 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sd Wan
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3375 CRITICAL Act Now

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Sd Wan Ios Xe Sd Wan
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-3374 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
9.9
EPSS
1.9%
CVE-2020-3180 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-12992 HIGH POC THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2019-12991 HIGH POC KEV THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.9%
CVE-2019-12990 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Citrix Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.3%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Elastic Cisco Authentication Bypass +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Sd Wan
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sd Wan Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
EPSS 0% CVSS 2.4
LOW Monitor

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aruba Command Injection +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Sd Wan +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Sd Wan +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Aruba Sd Wan +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Arubaos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Sd Wan +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager +4
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal +5
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Sd Wan Vbond Orchestrator +3
NVD
EPSS 12% CVSS 7.8
HIGH POC KEV THREAT This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cisco Catalyst Sd Wan Manager +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Sd Wan Manager +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Sd Wan
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Cisco Apple Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Authentication Bypass Sd Wan
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aruba Sd Wan +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12,. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Path Traversal Aruba Sd Wan +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Aruba Sd Wan +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Sd Wan +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Authentication Bypass +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Arubaos +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Citrix +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Sd Wan
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Sd Wan
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
EPSS 61% CVSS 6.5
MEDIUM This Month

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Sd Wan
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sd Wan
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Sd Wan +1
NVD
EPSS 2% CVSS 9.9
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sd Wan
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan
NVD
EPSS 49% CVSS 8.8
HIGH POC THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 74% CVSS 8.8
HIGH POC KEV THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD Exploit-DB
EPSS 39% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Citrix Netscaler Sd Wan +1
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy