Aruba Networks Aruba Mobility Controllers vulnerabilities

5 known vulnerabilities affecting aruba_networks/aruba_mobility_controllers.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2018-7081CRITICALCVSS 9.8vAruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.32019-09-13

CVE-2018-7081 [CRITICAL] CVE-2018-7081: A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system pr

CVE-2019-5315HIGHCVSS 7.2vAruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.32019-09-13

CVE-2019-5315 [HIGH] CVE-2019-5315: A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary comman A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not

CVE-2019-5314MEDIUMCVSS 6.1vAruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.32019-09-13

CVE-2019-5314 [MEDIUM] CVE-2019-5314: Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.

CVE-2008-5563HIGHCVSS 7.8v3.1.1.32008-12-15

CVE-2008-5563 [HIGH] CWE-399 CVE-2008-5563: Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote atta Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.

CVE-2008-0150MEDIUMCVSS 6.8≤ 2.4.8.11-fipsv2.3.6.15+4 more2008-01-09

CVE-2008-0150 [MEDIUM] CWE-287 CVE-2008-0150: Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.