Arubanetworks Arubaos vulnerabilities

198 known vulnerabilities affecting arubanetworks/arubaos.

Total CVEs: 198
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 45, HIGH 94, MEDIUM 55, LOW 4

Vulnerabilities

Page 9 of 10
CVE-2022-37885 | CRITICAL | CVSS 9.8 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CWE-120: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a
nvd
CVE-2022-37887 | CRITICAL | CVSS 9.8 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CWE-120: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a
nvd
CVE-2022-37893 | HIGH | CVSS 7.8 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CWE-78: An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.
nvd
CVE-2022-37895 | MEDIUM | CVSS 4.9 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; A
nvd
CVE-2022-37896 | MEDIUM | CVSS 6.1 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CWE-79: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba Inst
nvd
CVE-2022-37894 | MEDIUM | CVSS 6.5 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; A
nvd
CVE-2022-37892 | MEDIUM | CVSS 5.4 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-07
CWE-79: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interfac
nvd
CVE-2022-37888 | CRITICAL | CVSS 9.8 | ≥ 10.3.0.0, < 10.3.1.1 | 2022-10-06
CWE-120: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a
nvd
CVE-2021-37716 | CRITICAL | CVSS 9.8 | ≥ 8.3.0.0, < 8.3.0.15; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CWE-120: A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2021-37725 | HIGH | CVSS 8.1 | ≥ 8.3.0.0, < 8.3.0.15; ≥ 8.5.0.0, < 8.5.0.12; +3 more | 2021-09-07
CWE-352: A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerabili
nvd
CVE-2021-37717 | HIGH | CVSS 7.2 | ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2021-37723 | HIGH | CVSS 7.2 | ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
nvd
CVE-2021-37720 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2021-37724 | HIGH | CVSS 7.2 | ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
nvd
CVE-2021-37718 | HIGH | CVSS 7.2 | ≥ 8.3.0.0, < 8.3.0.16; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd
CVE-2021-37721 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2021-37719 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2021-37722 | HIGH | CVSS 7.2 | ≥ 6.4.4.0, < 6.4.4.25; ≥ 6.5.4.0, < 6.5.4.20; +4 more | 2021-09-07
CWE-77: A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnera
nvd
CVE-2019-5318 | MEDIUM | CVSS 6.5 | ≥ 6.1.3.7, ≤ 6.5.4.20; ≥ 8.0.0.0, < 8.8.0.0 | 2021-09-07
CWE-352: A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
nvd
CVE-2021-37731 | MEDIUM | CVSS 6.2 | ≥ 8.3.0.0, < 8.3.0.15; ≥ 8.5.0.0, < 8.5.0.12; +2 more | 2021-09-07
CWE-22: A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
nvd