Arubanetworks Airwave vulnerabilities

CVE-2021-26962 [HIGH] CWE-78 CVE-2021-26962: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root

CVE-2021-26961 [HIGH] CWE-352 CVE-2021-26961: A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba Air A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist

CVE-2021-26963 [HIGH] CVE-2021-26963: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the

CVE-2021-26960 [HIGH] CWE-352 CVE-2021-26960: A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba Air A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist

CVE-2021-26970 [MEDIUM] CWE-78 CVE-2021-26970: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execut

CVE-2021-26969 [MEDIUM] CWE-611 CVE-2021-26969: A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve fi

CVE-2021-26971 [MEDIUM] CVE-2021-26971: A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Man A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbit

CVE-2021-26965 [MEDIUM] CWE-89 CVE-2021-26965: A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platfo A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and m

CVE-2021-26968 [MEDIUM] CWE-79 CVE-2021-26968: A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWa A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A

CVE-2021-26966 [MEDIUM] CWE-89 CVE-2021-26966: A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platfo A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and m

CVE-2021-26967 [MEDIUM] CWE-79 CVE-2021-26967: A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Manageme A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A

CVE-2019-5323 [HIGH] CWE-77 CVE-2019-5323: There are command injection vulnerabilities present in the AirWave application. Certain input fields There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

CVE-2019-5326 [HIGH] CWE-502 CVE-2019-5326: An administrative application user of or application user with write access to Aruba Airwave VisualR An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

CVE-2016-2031 [CRITICAL] CWE-20 CVE-2016-2031: Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient vali Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

CVE-2016-2032 [HIGH] CWE-287 CVE-2016-2032: A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management i A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672

CVE-2014-8368 [CRITICAL] CWE-264 CVE-2014-8368: The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authent The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.