Arubanetworks Arubaos vulnerabilities
225 known vulnerabilities affecting arubanetworks/arubaos.
Total CVEs
225
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL45HIGH119MEDIUM57LOW4
Vulnerabilities
Page 6 of 12
CVE-2021-37717P3HIGHCVSS 7.2≥ 8.3.0.0, < 8.3.0.16≥ 8.5.0.0, < 8.5.0.12+2 more2021-09-07
CVE-2021-37717 [HIGH] CWE-77 CVE-2021-37717: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2021-37718P3HIGHCVSS 7.2≥ 8.3.0.0, < 8.3.0.16≥ 8.5.0.0, < 8.5.0.12+2 more2021-09-07
CVE-2021-37718 [HIGH] CWE-77 CVE-2021-37718: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2023-35975P3HIGHCVSS 8.1≥ 6.5.4.0, < 8.6.0.21≥ 8.7.0.0, < 8.10.0.7+2 more2023-07-05
CVE-2023-35975 [HIGH] CWE-22 CVE-2023-35975: An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successf
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
nvd
CVE-2023-22769P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22769 [HIGH] CWE-77 CVE-2023-22769: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22770P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22770 [HIGH] CWE-77 CVE-2023-22770: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22766P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22766 [HIGH] CWE-77 CVE-2023-22766: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22765P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22765 [HIGH] CWE-77 CVE-2023-22765: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22768P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22768 [HIGH] CWE-77 CVE-2023-22768: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22762P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22762 [HIGH] CWE-77 CVE-2023-22762: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22767P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22767 [HIGH] CWE-77 CVE-2023-22767: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22764P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22764 [HIGH] CWE-77 CVE-2023-22764: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-22763P3HIGHCVSS 7.2≥ 8.6.0.0, ≤ 8.6.0.19≥ 8.10.0.0, ≤ 8.10.0.4+1 more2023-03-01
CVE-2023-22763 [HIGH] CWE-77 CVE-2023-22763: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2024-1356P3HIGHCVSS 7.2≥ 8.10.0.0, ≤ 8.10.0.9≥ 8.11.0.0, ≤ 8.11.2.0+2 more2024-03-05
CVE-2024-1356 [HIGH] CWE-77 CVE-2024-1356: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2024-25613P3HIGHCVSS 7.2≥ 8.10.0.0, < 8.10.0.10≥ 8.11.0.0, < 8.11.2.1+2 more2024-03-05
CVE-2024-25613 [HIGH] CWE-77 CVE-2024-25613: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2024-25611P3HIGHCVSS 7.2≥ 8.10.0.0, < 8.10.0.10≥ 8.11.0.0, < 8.11.2.1+2 more2024-03-05
CVE-2024-25611 [HIGH] CWE-77 CVE-2024-25611: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2024-25612P3HIGHCVSS 7.2≥ 8.10.0.0, < 8.10.0.10≥ 8.11.0.0, < 8.11.2.1+2 more2024-03-05
CVE-2024-25612 [HIGH] CWE-77 CVE-2024-25612: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-35972P3HIGHCVSS 7.2≥ 6.5.4.0, < 8.6.0.21≥ 8.7.0.0, < 8.10.0.7+2 more2023-07-05
CVE-2023-35972 [HIGH] CWE-77 CVE-2023-35972: An authenticated remote command injection vulnerability exists in the ArubaOS web-based management i
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the devic
nvd
CVE-2025-27083P3HIGHCVSS 7.2≥ 8.10.0.0, < 8.10.0.16≥ 8.12.0.0, < 8.12.0.4+2 more2025-04-08
CVE-2025-27083 [HIGH] CWE-77 CVE-2025-27083: Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2025-37169P3HIGHCVSS 7.2≥ 10.3.0.0, < 10.4.1.10≥ 10.5.0.0, < 10.7.2.22026-01-13
CVE-2025-37169 [HIGH] CWE-787 CVE-2025-37169: A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gat
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.
nvd
CVE-2022-37906P3HIGHCVSS 8.1≥ 6.5.4.0, < 6.5.4.22≥ 8.4.0.0, < 8.6.0.17+2 more2022-12-12
CVE-2022-37906 [HIGH] CWE-22 CVE-2022-37906: An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successf
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.
nvd