Arubanetworks Arubaos vulnerabilities

225 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs: 225
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 119, MEDIUM 57, LOW 4

Vulnerabilities

Page 9 of 12
CVE-2024-31480 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
CVE-2024-31480 [HIGH] CWE-78: Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
Source: NVD
CVE-2024-31479 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
CVE-2024-31479 [HIGH] CWE-78: Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
Source: NVD
CVE-2024-31481 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
CVE-2024-31481 [HIGH] CWE-78: Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
Source: NVD
CVE-2024-33517 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 8.10.0.0, ≤ 8.10.0.10; ≥ 8.11.0.0, ≤ 8.11.2.1; +2 more | 2024-05-01
CVE-2024-33517 [HIGH] CWE-121: An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
Source: NVD
CVE-2026-23809 | P3 | HIGH | CVSS 7.6 | Affected: ≥ 6.5.4.0, ≤ 8.10.0.21; ≥ 8.11.0.0, ≤ 8.12.0.6; +4 more | 2026-03-04
CVE-2026-23809 [HIGH] CWE-400: A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victi
Source: NVD
CVE-2022-37907 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 6.5.4.0, < 6.5.4.22; ≥ 8.4.0.0, < 8.6.0.17; +2 more | 2022-12-12
CVE-2022-37907 [HIGH] CWE-400: A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.
Source: NVD
CVE-2023-22773 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
CVE-2023-22773 [MEDIUM] CWE-22: Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files in the underlying operating system.
Source: NVD
CVE-2023-22774 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
CVE-2023-22774 [MEDIUM] CWE-22: Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files in the underlying operating system.
Source: NVD
CVE-2023-22772 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
CVE-2023-22772 [MEDIUM] CWE-22: An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
Source: NVD
CVE-2024-31483 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 10.3.0.0, < 10.4.1.1; ≥ 10.5.0.0, < 10.5.1.1 | 2024-05-14
CVE-2024-31483 [MEDIUM]: An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
Source: NVD
CVE-2023-22777 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
CVE-2023-22777 [MEDIUM] CWE-668: An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
Source: NVD
CVE-2021-37725 | P3 | HIGH | CVSS 8.1 | Affected: ≥ 8.3.0.0, < 8.3.0.15; ≥ 8.5.0.0, < 8.5.0.12; +3 more | 2021-09-07
CVE-2021-37725 [HIGH] CWE-352: A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerabili
Source: NVD
CVE-2023-22775 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.6.0.0, ≤ 8.6.0.19; ≥ 8.10.0.0, ≤ 8.10.0.4; +1 more | 2023-03-01
CVE-2023-22775 [MEDIUM] CWE-668: A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.
Source: NVD
CVE-2023-35976 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35976 [MEDIUM]: Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.
Source: NVD
CVE-2023-35977 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 6.5.4.0, < 8.6.0.21; ≥ 8.7.0.0, < 8.10.0.7; +2 more | 2023-07-05
CVE-2023-35977 [MEDIUM]: Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.
Source: NVD
CVE-2025-37138 | P3 | MEDIUM | CVSS 6.2 | Affected: ≥ 8.10.0.0, < 8.10.0.19; ≥ 8.12.0.0, < 8.12.0.6; +3 more | 2025-10-14
CVE-2025-37138 [MEDIUM] CWE-77: An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute a
Source: NVD
CVE-2008-7095 | P4 | HIGH | CVSS 7.8 | Affected: v3.3.2.6 | 2009-08-27
CVE-2008-7095 [HIGH] CWE-264: The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMP
Source: NVD
CVE-2021-37729 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.19; +4 more | 2021-09-07
CVE-2021-37729 [MEDIUM] CWE-22: A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
Source: NVD
CVE-2023-45627 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 10.3.0.0, < 10.4.0.3; v10.5.0.0 | 2023-11-14
CVE-2023-45627 [MEDIUM]: An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
Source: NVD
CVE-2021-37728 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.5.0.0, < 8.5.0.13; ≥ 8.6.0.0, < 8.6.0.11; +2 more | 2021-09-07
CVE-2021-37728 [MEDIUM] CWE-22: A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability.
Source: NVD