Arubanetworks Instant vulnerabilities

CVE-2022-37891 [CRITICAL] CWE-120 CVE-2022-37891: Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.

CVE-2022-37886 [CRITICAL] CWE-120 CVE-2022-37886: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a

CVE-2022-37889 [CRITICAL] CWE-120 CVE-2022-37889: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a

CVE-2022-37890 [CRITICAL] CWE-120 CVE-2022-37890: Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.

CVE-2022-37885 [CRITICAL] CWE-120 CVE-2022-37885: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a

CVE-2022-37887 [CRITICAL] CWE-120 CVE-2022-37887: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a

CVE-2022-37893 [HIGH] CWE-78 CVE-2022-37893: An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 comman An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.

CVE-2022-37895 [MEDIUM] CVE-2022-37895: An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID stri An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; A

CVE-2022-37896 [MEDIUM] CWE-79 CVE-2022-37896: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba Inst

CVE-2022-37894 [MEDIUM] CVE-2022-37894: An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID stri An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; A

CVE-2022-37892 [MEDIUM] CWE-79 CVE-2022-37892: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauth A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interfac

CVE-2022-37888 [CRITICAL] CWE-120 CVE-2022-37888: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a

CVE-2021-25149 [CRITICAL] CWE-120 CVE-2021-25149: A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) produ A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released

CVE-2019-5319 [CRITICAL] CWE-120 CVE-2019-5319: A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) produ A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released pa

CVE-2021-25150 [HIGH] CWE-78 CVE-2021-25150: A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that addres

CVE-2021-25146 [HIGH] CWE-78 CVE-2021-25146: A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has releas

CVE-2021-25148 [HIGH] CVE-2021-25148: A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this secu

CVE-2021-25162 [HIGH] CWE-78 CVE-2021-25162: A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba I

CVE-2021-25158 [MEDIUM] CWE-362 CVE-2021-25158: A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) p A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patche

CVE-2021-25145 [MEDIUM] CVE-2021-25145: A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant A A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba