cbcvebase.

Arubanetworks Arubaos vulnerabilities

225 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs
225
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL45HIGH119MEDIUM57LOW4

Vulnerabilities

Page 12 of 12
CVE-2009-3836P4MEDIUMCVSS 6.1v3.1.1v3.3.1.16+5 more2009-11-02
CVE-2009-3836 [MEDIUM] CVE-2009-3836: ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.
nvd
CVE-2024-25616P4LOWCVSS 3.7≥ 8.10.0.0, < 8.10.0.10≥ 8.11.0.0, < 8.11.2.1+2 more2024-03-05
CVE-2024-25616 [LOW] CVE-2024-25616: Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensit Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
nvd
CVE-2026-23810P4LOWCVSS 3.1≥ 6.5.4.0, ≤ 8.10.0.21≥ 8.11.0.0, ≤ 8.12.0.6+4 more2026-03-04
CVE-2026-23810 [LOW] CWE-300 CVE-2026-23810: A vulnerability in the packet processing logic may allow an authenticated attacker to craft and tran A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent tra
nvd
CVE-2026-23811P4LOWCVSS 3.1≥ 6.5.4.0, ≤ 8.10.0.21≥ 8.11.0.0, ≤ 8.12.0.6+4 more2026-03-04
CVE-2026-23811 [LOW] CWE-300 CVE-2026-23811: A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) commu A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack
nvd
CVE-2023-22771P4LOWCVSS 2.4≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22771 [LOW] CWE-613 CVE-2023-22771: An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Succe An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
nvd
Arubanetworks Arubaos vulnerabilities | cvebase