343
CVEs
81
Critical
150
High
0
KEV
11
PoC
217
Unpatched C/H
8.2%
Patch Rate
2.1%
Avg EPSS
Severity Breakdown
CRITICAL
81
HIGH
150
MEDIUM
108
LOW
4
Monthly CVE Trend
Affected Products (30)
Clearpass Policy Manager
91
Arubaos
77
Scalance W1750D Firmware
46
Instantos
32
Airwave
29
Clearpass
28
Instant
27
Edgeconnect Enterprise
23
Sd Wan
22
Aos Cx
12
Aruba Instant
8
Airwave Glass
8
Fabric Composer
5
Aos Cx Firmware
3
Aruba Virtual Intranet Access
3
Aruba Edgeconnect Enterprise Orchestrator
3
2530 Firmware
2
3810M Firmware
2
5412R Firmware
2
5406R Firmware
2
2915 Firmware
2
Open Redirect
2
Aruba Clearpass Policy Manager
2
2615 Firmware
2
Cx 6200F Firmware
2
Cx 8325 Firmware
2
2540 Firmware
2
2620 Firmware
2
Cx 6400 Firmware
2
Cx 6300 Firmware
2
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-26304 | There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 44.0% | 69 |
PoC
No patch
|
| CVE-2021-25162 | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available. | HIGH | 8.1 | 27.0% | 60 |
PoC
|
| CVE-2015-4650 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 5.5% | 54 |
No patch
|
| CVE-2014-6626 | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 3.9% | 54 |
No patch
|
| CVE-2015-1389 | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.4%. | MEDIUM | 4.3 | 12.4% | 54 |
PoC
No patch
|
| CVE-2014-5342 | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 2.6% | 53 |
No patch
|
| CVE-2021-25155 | A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available. | MEDIUM | 6.5 | 13.3% | 52 |
PoC
|
| CVE-2021-25159 | A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available. | MEDIUM | 6.5 | 13.5% | 52 |
PoC
|
| CVE-2021-25161 | A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | MEDIUM | 6.1 | 16.4% | 50 |
PoC
|
| CVE-2022-23657 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 3.0% | 50 |
No patch
|
| CVE-2022-23658 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 2.7% | 50 |
No patch
|
| CVE-2022-23660 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 2.7% | 50 |
No patch
|
| CVE-2021-25158 | A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available. | MEDIUM | 5.9 | 30.6% | 50 |
PoC
|
| CVE-2018-7058 | Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 3.9% | 49 |
No patch
|
| CVE-2020-7124 | A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 1.4% | 49 |
No patch
|