Arubanetworks Arubaos vulnerabilities
225 known vulnerabilities affecting arubanetworks/arubaos.
Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4
Vulnerabilities
Page 5 of 12
CVE-2026-44860 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database querie
nvd
CVE-2026-44861 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database querie
nvd
CVE-2022-37903 | P3 | HIGH | CVSS 8.8 | CWE-787 | ≥ 6.5.4.0, < 6.5.4.23; ≥ 8.4.0.0, < 8.6.0.18; +3 more | 2022-12-12
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise of the underlying host operating system.
nvd
CVE-2024-25614 | P3 | CRITICAL | CVSS 9.1 | CWE-22 | ≥ 8.10.0.0, < 8.10.0.10; ≥ 8.11.0.0, < 8.11.2.1; +2 more | 2024-03-05
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
nvd
CVE-2023-45618 | P3 | HIGH | CVSS 8.2 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity
nvd
CVE-2023-45625 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22761 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the devic
nvd
CVE-2023-22760 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the devic
nvd
CVE-2023-22758 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the devic
nvd
CVE-2023-22759 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the devic
nvd
CVE-2023-45617 | P3 | HIGH | CVSS 8.2 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the acce
nvd
CVE-2023-45619 | P3 | HIGH | CVSS 8.2 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the acces
nvd
CVE-2024-31475 | P3 | HIGH | CVSS 8.2 | CWE-463 | ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact t
nvd
CVE-2024-31474 | P3 | HIGH | CVSS 8.2 | CWE-463 | ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of th
nvd
CVE-2022-37900 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.5.4.0, < 6.5.4.23; ≥ 8.4.0.0, < 8.6.0.18; +3 more | 2022-12-12
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2022-37899 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.5.4.0, < 6.5.4.23; ≥ 8.4.0.0, < 8.6.0.18; +3 more | 2022-12-12
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2022-37902 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.5.4.0, < 6.5.4.23; ≥ 8.4.0.0, < 8.6.0.18; +3 more | 2022-12-12
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2022-37901 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 6.5.4.0, < 6.5.4.23; ≥ 8.4.0.0, < 8.6.0.18; +3 more | 2022-12-12
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2025-37176 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ 8.6.0.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1 | 2026-01-13
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.
nvd
CVE-2025-27082 | P3 | HIGH | CVSS 7.2 | CWE-434 | ≥ 8.10.0.0, < 8.10.0.16; ≥ 8.12.0.0, < 8.12.0.4; +2 more | 2025-04-08
Arbitrary file write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.
nvd