cvebase

Arubanetworks Arubaos vulnerabilities

225 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4

Vulnerabilities

Page 7 of 12
CVE-2021-37720 | P3 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CVE-2021-37720 [HIGH] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2021-37721 | P3 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CVE-2021-37721 [HIGH] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2021-37722 | P3 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CVE-2021-37722 [HIGH] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2021-37719 | P3 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CVE-2021-37719 [HIGH] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2022-37898 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 6.5.4.23; ≥ 8.4.0.0, < 8.6.0.18; +3 more | 2022-12-12
CVE-2022-37898 [HIGH] CWE-78: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2026-23826 | P3 | HIGH | CVSS 7.5 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +1 more | 2026-05-12
CVE-2026-23826 [HIGH] CWE-770: A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate
nvd
CVE-2023-35974 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35974 [HIGH] CWE-77: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2023-35973 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35973 [HIGH] CWE-77: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
nvd
CVE-2026-23824 | P3 | HIGH | CVSS 7.5 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-23824 [HIGH] CWE-400: Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial
nvd
CVE-2026-23825 | P3 | HIGH | CVSS 7.5 | ≥ 6.5.4.0, < 8.10.0.22; ≥ 8.11.0.0, < 8.12.0.7; +3 more | 2026-05-12
CVE-2026-23825 [HIGH] CWE-20: Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-
nvd
CVE-2021-37723 | P3 | HIGH | CVSS 7.2 | ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CVE-2021-37723 [HIGH] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
nvd
CVE-2021-37724 | P3 | HIGH | CVSS 7.2 | ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CVE-2021-37724 [HIGH] CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
nvd
CVE-2026-23808 | P3 | HIGH | CVSS 8.1 | ≥ 6.5.4.0, ≤ 8.10.0.21; ≥ 8.11.0.0, ≤ 8.12.0.6; +4 more | 2026-03-04
CVE-2026-23808 [HIGH] CWE-94: A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere w
nvd
CVE-2019-5315 | P3 | HIGH | CVSS 7.2 | ≥ 8.0.0.0, < 8.3.0.0 | 2019-09-13
CVE-2019-5315 [HIGH] CWE-78: A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects
nvd
CVE-2025-37173 | P3 | HIGH | CVSS 7.2 | ≥ 6.5.4.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1; +2 more | 2026-01-13
CVE-2025-37173 [HIGH] CWE-20: An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.
nvd
CVE-2022-37893 | P3 | HIGH | CVSS 7.8 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CVE-2022-37893 [HIGH] CWE-78: An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.
nvd
CVE-2015-1388 | P3 | HIGH | CVSS 7.2 | ≤ 6.2.3.9; v6.1.3.0; +36 more | 2015-03-24
CVE-2015-1388 [HIGH] CWE-78: The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.
nvd
CVE-2023-45626 | P3 | HIGH | CVSS 7.2 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45626 [HIGH] CWE-863: An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
nvd
CVE-2025-37161 | P3 | HIGH | CVSS 7.5 | fixed in 10.7.2.0 | 2025-11-18
CVE-2025-37161 [HIGH] CWE-400: A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations.
nvd
CVE-2020-24637 | P3 | HIGH | CVSS 7.2 | fixed in 8.5.0.11; ≥ 8.6.0.0, < 8.6.0.6; +1 more | 2020-12-11
CVE-2020-24637 [HIGH]: Two vulnerabilities in ArubaOS GRUB2 implementation allow for an attacker to bypass secureboot. Successful exploitation of this vulnerability could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Control
nvd