Hewlett Packard Enterprise Hpe Aruba Networking Aos vulnerabilities
6 known vulnerabilities affecting hewlett_packard_enterprise/hpe_aruba_networking_aos.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-27083HIGHCVSS 7.2≥ 10.7.0.0, ≤ 10.7.1.0≥ 10.4.0.0, ≤ 10.4.1.6+2 more2025-04-08
CVE-2025-27083 [HIGH] CWE-77 CVE-2025-27083: Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
cvelistv5nvd
CVE-2025-27082HIGHCVSS 7.2≥ 10.7.0.0, ≤ 10.7.1.0≥ 10.4.0.0, ≤ 10.4.1.6+2 more2025-04-08
CVE-2025-27082 [HIGH] CWE-434 CVE-2025-27082: Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.
cvelistv5nvd
CVE-2025-27085MEDIUMCVSS 4.9≥ 10.7.0.0, ≤ 10.7.1.0≥ 10.4.0.0, ≤ 10.4.1.6+2 more2025-04-08
CVE-2025-27085 [MEDIUM] CWE-22 CVE-2025-27085: Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controll
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
cvelistv5nvd
CVE-2025-27084MEDIUMCVSS 6.1≥ 10.7.0.0, ≤ 10.7.1.0≥ 10.4.0.0, ≤ 10.4.1.6+2 more2025-04-08
CVE-2025-27084 [MEDIUM] CWE-79 CVE-2025-27084: A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.
cvelistv5nvd
CVE-2025-23051HIGHCVSS 7.2≥ 10.4.0.0, ≤ 10.4.1.4≥ 8.12.0.0, ≤ 8.12.0.2+1 more2025-01-14
CVE-2025-23051 [HIGH] CWE-94 CVE-2025-23051: An authenticated parameter injection vulnerability exists in the web-based management interface of t
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files.
cvelistv5nvd
CVE-2025-23052HIGHCVSS 7.2≥ 10.4.0.0, ≤ 10.4.1.4≥ 8.12.0.0, ≤ 8.12.0.2+1 more2025-01-14
CVE-2025-23052 [HIGH] CWE-77 CVE-2025-23052: Authenticated command injection vulnerability in the command line interface of a network management
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system.
cvelistv5nvd