Aruba Networks ArubaOS vulnerabilities
225 known vulnerabilities affecting arubanetworks/arubaos.
Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4
Vulnerabilities
Page 3 of 12
CVE-2026-44866 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2025-37162 | P2 | HIGH | CVSS 8.8 | CWE-77 | fixed in 10.7.2.0 | 2025-11-18
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2020-24634 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | fixed in 8.2.2.10; ≥ 8.3.0.0, < 8.3.0.14; +3 more | 2020-12-11
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.
nvd
CVE-2026-44871 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2022-37891 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.
nvd
CVE-2022-37890 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.
nvd
CVE-2026-44870 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2025-37168 | P2 | CRITICAL | CVSS 9.1 | CWE-552 | ≥ 6.5.4.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1; +2 more | 2026-01-13
An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on aff
nvd
CVE-2023-22788 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 10.3.0.0, ≤ 10.3.1.0 | 2023-05-08
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22790 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 10.3.0.0, ≤ 10.3.1.0 | 2023-05-08
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2024-31476 | P2 | HIGH | CVSS 8.8 | CWE-78 | ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2024-31477 | P2 | HIGH | CVSS 8.8 | CWE-78 | ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22789 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ 10.3.0.0, ≤ 10.3.1.0 | 2023-05-08
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2022-37912 | P2 | HIGH | CVSS 8.8 | CWE-78 | ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +2 more | 2022-12-12
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2021-37716 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 8.3.0.0, < 8.3.0.15; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2026-23827 | P3 | HIGH | CVSS 7.5 | CWE-122 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leadin
nvd
CVE-2022-37905 | P3 | HIGH | CVSS 8.8 | CWE-1236 | ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +3 more | 2022-12-12
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
nvd
CVE-2022-37904 | P3 | HIGH | CVSS 8.8 | CWE-123 | ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +3 more | 2022-12-12
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
nvd
CVE-2025-37133 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2025-37134 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
nvd