cvebase

Arubanetworks Arubaos vulnerabilities

225 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4

Vulnerabilities

Page 4 of 12
CVE-2025-37171 | P3 | HIGH | CVSS 7.2 | ≥ 8.6.0.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1 | 2026-01-13
CVE-2025-37171 [HIGH] CWE-78: Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2026-44854 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44854 [HIGH] CWE-77: Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.
nvd
CVE-2026-44853 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44853 [HIGH] CWE-77: Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.
nvd
CVE-2026-44865 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44865 [HIGH] CWE-77: Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2026-44872 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44872 [HIGH] CWE-77: A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.
nvd
CVE-2025-37175 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1; +2 more | 2026-01-13
CVE-2025-37175 [HIGH] CWE-434: Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary commands on the underlying operating system.
nvd
CVE-2008-7023 | P3 | CRITICAL | CVSS 10.0 | v3.3.1.16 | 2009-08-21
CVE-2008-7023 [CRITICAL] CWE-310: Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
nvd
CVE-2025-37170 | P3 | HIGH | CVSS 7.2 | ≥ 8.6.0.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1 | 2026-01-13
CVE-2025-37170 [HIGH] CWE-78: Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2025-37172 | P3 | HIGH | CVSS 7.2 | ≥ 8.6.0.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1 | 2026-01-13
CVE-2025-37172 [HIGH] CWE-78: Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2025-37132 | P3 | HIGH | CVSS 7.2 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37132 [HIGH] CWE-434: An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.
nvd
CVE-2025-37174 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1; +2 more | 2026-01-13
CVE-2025-37174 [HIGH] CWE-277: Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating s
nvd
CVE-2026-44852 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44852 [HIGH] CWE-296: An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Su
nvd
CVE-2026-44859 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44859 [HIGH] CWE-121: Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Success
nvd
CVE-2026-44856 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44856 [HIGH] CWE-121: Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Success
nvd
CVE-2026-44857 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44857 [HIGH] CWE-121: Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Success
nvd
CVE-2026-44855 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44855 [HIGH] CWE-121: Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Success
nvd
CVE-2026-44858 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44858 [HIGH] CWE-121: Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Success
nvd
CVE-2026-44862 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44862 [HIGH] CWE-89: SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database querie
nvd
CVE-2026-44863 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44863 [HIGH] CWE-89: SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database querie
nvd
CVE-2026-44864 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-44864 [HIGH] CWE-89: SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database querie
nvd