cvebase

Arubanetworks Arubaos vulnerabilities

225 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4

Vulnerabilities

Page 8 of 12
CVE-2024-31478 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
CVE-2024-31478 [HIGH] CWE-78: Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Source: nvd
CVE-2025-37177 | P3 | MEDIUM | CVSS 6.5 | ≥ 6.5.4.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1; +2 more | 2026-01-13
CVE-2025-37177 [MEDIUM] CWE-552: An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
Source: nvd
CVE-2014-7299 | P3 | HIGH | CVSS 7.5 | v6.3.11; v6.4.2.1 | 2014-10-08
CVE-2014-7299 [HIGH]: Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.
Source: nvd
CVE-2023-45624 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45624 [HIGH]: An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
Source: nvd
CVE-2023-45620 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45620 [HIGH]: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Source: nvd
CVE-2023-45621 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45621 [HIGH] CWE-400: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Source: nvd
CVE-2023-45622 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45622 [HIGH] CWE-400: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Source: nvd
CVE-2023-45623 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45623 [HIGH]: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
Source: nvd
CVE-2024-31482 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
CVE-2024-31482 [HIGH] CWE-78: An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.
Source: nvd
CVE-2025-37178 | P3 | HIGH | CVSS 7.5 | ≥ 8.6.0.0, < 8.10.0.21; ≥ 8.11.0.0, < 8.13.1.1 | 2026-01-13
CVE-2025-37178 [HIGH] CWE-125: Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential d
Source: nvd
CVE-2008-2273 | P3 | CRITICAL | CVSS 9.0 | ≤ 3.3; v3.1; +1 more | 2008-05-16
CVE-2008-2273 [CRITICAL]: Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.
Source: nvd
CVE-2025-37136 | P3 | MEDIUM | CVSS 6.5 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37136 [MEDIUM] CWE-284: Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
Source: nvd
CVE-2025-37137 | P3 | MEDIUM | CVSS 6.5 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37137 [MEDIUM] CWE-284: Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
Source: nvd
CVE-2025-37135 | P3 | MEDIUM | CVSS 6.5 | ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37135 [MEDIUM] CWE-284: Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
Source: nvd
CVE-2023-22787 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0.0, ≤ 10.3.1.0 | 2023-05-08
CVE-2023-22787 [HIGH]: An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
Source: nvd
CVE-2023-35979 | P3 | HIGH | CVSS 7.5 | ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35979 [HIGH] CWE-120: There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.
Source: nvd
CVE-2018-7080 | P3 | HIGH | CVSS 7.5 | ≥ 6.4.4.0, < 6.4.4.20; ≥ 6.5.3.0, < 6.5.3.9; +3 more | 2018-12-07
CVE-2018-7080 [HIGH]: A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in aff
Source: nvd
CVE-2024-33514 | P3 | HIGH | CVSS 7.5 | ≥ 8.10.0.0, ≤ 8.10.0.10; ≥ 8.11.0.0, ≤ 8.11.2.1; +2 more | 2024-05-01
CVE-2024-33514 [HIGH] CWE-121: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
Source: nvd
CVE-2024-33515 | P3 | HIGH | CVSS 7.5 | ≥ 8.10.0.0, ≤ 8.10.0.10; ≥ 8.11.0.0, ≤ 8.11.2.1; +2 more | 2024-05-01
CVE-2024-33515 [HIGH] CWE-121: Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
Source: nvd
CVE-2024-33516 | P3 | HIGH | CVSS 7.5 | ≥ 8.10.0.0, ≤ 8.10.0.10; ≥ 8.11.0.0, ≤ 8.11.2.1; +2 more | 2024-05-01
CVE-2024-33516 [HIGH] CWE-121: An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.
Source: nvd