Arubanetworks Arubaos vulnerabilities
225 known vulnerabilities affecting arubanetworks/arubaos.
Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4
Vulnerabilities
CVE-2022-37896 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | Versions: ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba Inst
nvd
CVE-2022-37892 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | Versions: ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interfac
nvd
CVE-2024-42398 | P4 | MEDIUM | CVSS 5.3 | CWE-400 | Versions: ≥ 10.4.0.0, < 10.4.1.2; v10.6.0.0 | 2024-08-06
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
nvd
CVE-2024-42400 | P4 | MEDIUM | CVSS 5.3 | Versions: ≥ 10.4.0.0, < 10.4.1.2; v10.6.0.0 | 2024-08-06
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
nvd
CVE-2024-42399 | P4 | MEDIUM | CVSS 5.3 | CWE-400 | Versions: ≥ 10.4.0.0, < 10.4.1.2; v10.6.0.0 | 2024-08-06
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
nvd
CVE-2019-5318 | P4 | MEDIUM | CVSS 6.5 | CWE-352 | Versions: ≥ 6.1.3.7, ≤ 6.5.4.20; ≥ 8.0.0.0, < 8.8.0.0 | 2021-09-07
A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
nvd
CVE-2025-27084 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | Versions: ≥ 8.10.0.0, < 8.10.0.16; ≥ 8.12.0.0, < 8.12.0.4; +2 more | 2025-04-08
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.
nvd
CVE-2022-37911 | P4 | MEDIUM | CVSS 5.5 | CWE-611 | Versions: ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +2 more | 2022-12-12
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
nvd
CVE-2024-25615 | P4 | MEDIUM | CVSS 5.3 | CWE-400 | Versions: ≥ 8.10.0.0, < 8.10.0.10; ≥ 8.11.0.0, < 8.11.2.1; +2 more | 2024-03-05
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
nvd
CVE-2021-37733 | P4 | MEDIUM | CVSS 4.9 | CWE-22 | Versions: ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.11; +2 more | 2021-09-07
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2019-5314 | P4 | MEDIUM | CVSS 6.1 | CWE-74 | Versions: fixed in 6.4.4.20; ≥ 6.5.4.0, < 6.5.4.11; +2 more | 2019-09-13
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.
nvd
CVE-2024-33518 | P4 | MEDIUM | CVSS 5.3 | CWE-121 | Versions: ≥ 8.10.0.0, < 8.10.0.10; ≥ 8.11.0.0, < 8.11.2.1; +2 more | 2024-05-01
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
nvd
CVE-2021-37731 | P4 | MEDIUM | CVSS 6.2 | CWE-22 | Versions: ≥ 8.3.0.0, < 8.3.0.15; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2026-23601 | P4 | MEDIUM | CVSS 5.4 | CWE-327 | Versions: ≥ 6.5.4.0, ≤ 8.10.0.21; ≥ 8.11.0.0, ≤ 8.12.0.6; +4 more | 2026-03-04
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standa
nvd
CVE-2022-37895 | P4 | MEDIUM | CVSS 4.9 | Versions: ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; A
nvd
CVE-2022-37909 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | Versions: ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +2 more | 2022-12-12
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
nvd
CVE-2023-22778 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Versions: ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
nvd
CVE-2023-22791 | P4 | MEDIUM | CVSS 4.8 | Versions: ≥ 10.3.0.0, ≤ 10.3.1.0 | 2023-05-08
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can oc
nvd
CVE-2026-23812 | P4 | MEDIUM | CVSS 4.2 | CWE-300 | Versions: ≥ 6.5.4.0, ≤ 8.10.0.21; ≥ 8.11.0.0, ≤ 8.12.0.6; +4 more | 2026-03-04
A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate n
nvd
CVE-2013-2290 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | Versions: v6.2.0.0; v6.2.0.1; +9 more | 2013-03-28
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via
nvd