cvebase

Arubanetworks Arubaos vulnerabilities

225 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4

Vulnerabilities

Page 10 of 12
CVE-2022-37908 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +2 more | 2022-12-12
CVE-2022-37908 [MEDIUM] CWE-494: An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
nvd
CVE-2023-38484 | P4 | MEDIUM | CVSS 6.4 | ≥ 8.6.0.0, < 8.6.0.22; ≥ 8.10.0.0, < 8.10.0.7; +2 more | 2023-09-06
CVE-2023-38484 [MEDIUM] CWE-94: Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system comp
nvd
CVE-2023-38485 | P4 | MEDIUM | CVSS 6.4 | ≥ 8.6.0.0, < 8.6.0.22; ≥ 8.10.0.0, < 8.10.0.7; +2 more | 2023-09-06
CVE-2023-38485 [MEDIUM] CWE-787: Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system com
nvd
CVE-2023-38486 | P4 | MEDIUM | CVSS 6.4 | ≥ 8.6.0.0, < 8.6.0.22; ≥ 8.10.0.0, < 8.10.0.7; +2 more | 2023-09-06
CVE-2023-38486 [MEDIUM] CWE-863: A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned
nvd
CVE-2022-37910 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +2 more | 2022-12-12
CVE-2022-37910 [MEDIUM] CWE-120: A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.
nvd
CVE-2026-44873 | P4 | MEDIUM | CVSS 5.4 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +1 more | 2026-05-12
CVE-2026-44873 [MEDIUM] CWE-613: A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to m
nvd
CVE-2025-27085 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.16; ≥ 8.12.0.0, < 8.12.0.4; +2 more | 2025-04-08
CVE-2025-27085 [MEDIUM] CWE-22: Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
nvd
CVE-2025-37144 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37144 [MEDIUM] CWE-22: Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
nvd
CVE-2025-37145 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37145 [MEDIUM] CWE-22: Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
nvd
CVE-2025-37143 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37143 [MEDIUM] CWE-284: An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
nvd
CVE-2025-37140 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37140 [MEDIUM] CWE-284: Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
nvd
CVE-2025-37141 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37141 [MEDIUM] CWE-284: Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
nvd
CVE-2025-37142 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37142 [MEDIUM] CWE-284: Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
nvd
CVE-2023-22776 | P4 | MEDIUM | CVSS 4.9 | ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
CVE-2023-22776 [MEDIUM] CWE-22: An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
nvd
CVE-2026-44874 | P4 | MEDIUM | CVSS 4.9 | ≥ 10.4.0.0, < 10.4.1.11; ≥ 10.5.0.0, < 10.7.2.3; +1 more | 2026-05-12
CVE-2026-44874 [MEDIUM] CWE-284: A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against
nvd
CVE-2023-35971 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35971 [MEDIUM] CWE-79: A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
nvd
CVE-2023-35978 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35978 [MEDIUM] CWE-79: A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
nvd
CVE-2024-33513 | P4 | MEDIUM | CVSS 5.9 | ≥ 8.10.0.0, ≤ 8.10.0.10; ≥ 8.11.0.0, ≤ 8.11.2.1; +2 more | 2024-05-01
CVE-2024-33513 [MEDIUM] CWE-121: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
nvd
CVE-2025-37179 | P4 | MEDIUM | CVSS 5.3 | ≥ 8.6.0.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1 | 2026-01-13
CVE-2025-37179 [MEDIUM] CWE-125: Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential
nvd
CVE-2022-37894 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CVE-2022-37894 [MEDIUM]: An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; A
nvd