HPE ArubaOS-CX vulnerabilities

13 known vulnerabilities affecting hpe/arubaos-cx.

Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 10, MEDIUM 3

Vulnerabilities

CVE-2025-37157 | HIGH | CVSS 8.8 | ≥ 10.10.0000, < 10.10.1170; ≥ 10.13.0000, < 10.13.1101; +3 more | 2025-11-18
CVE-2025-37157 [MEDIUM] CWE-94: A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
nvd
CVE-2025-37155 | HIGH | CVSS 7.8 | ≥ 10.10.0000, < 10.10.1170; ≥ 10.13.0000, < 10.13.1101; +3 more | 2025-11-18
CVE-2025-37155 [HIGH] CWE-284: A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
nvd
CVE-2025-37159 | HIGH | CVSS 7.3 | ≥ 10.10.0000, < 10.10.1170; ≥ 10.13.0000, < 10.13.1101; +3 more | 2025-11-18
CVE-2025-37159 [MEDIUM] CWE-384: A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
nvd
CVE-2025-37158 | HIGH | CVSS 8.8 | ≥ 10.10.0000, < 10.10.1170; ≥ 10.13.0000, < 10.13.1101; +3 more | 2025-11-18
CVE-2025-37158 [MEDIUM] CWE-78: A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
nvd
CVE-2025-37156 | MEDIUM | CVSS 6.8 | ≥ 10.10.0000, < 10.10.1170; ≥ 10.13.0000, < 10.13.1101; +3 more | 2025-11-18
CVE-2025-37156 [MEDIUM]: A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.
nvd
CVE-2025-37160 | MEDIUM | CVSS 6.5 | ≥ 10.10.0000, < 10.10.1170; ≥ 10.13.0000, < 10.13.1101; +3 more | 2025-11-18
CVE-2025-37160 [MEDIUM] CWE-200: A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
nvd
CVE-2023-3718 | HIGH | CVSS 8.8 | ≥ 10.10.0000, ≤ 10.10.1050; ≥ 10.11.0000, ≤ 10.11.1010 | 2023-08-01
CVE-2023-3718 [HIGH] CWE-77: An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the
nvd
CVE-2023-1168 | HIGH | CVSS 8.8 | ≥ 10.06.0000, < 10.06.0240; ≥ 10.08.0000, ≤ 10.08.1070; +2 more | 2023-03-22
CVE-2023-1168 [HIGH] CWE-77: An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
nvd
CVE-2021-41000 | HIGH | CVSS 8.8 | ≥ 10.06.0001, ≤ 10.06.0170; ≥ 10.07.0001, ≤ 10.07.0020; +1 more | 2022-03-02
CVE-2021-41000 [HIGH] CWE-77: Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and bel
nvd
CVE-2021-41001 | HIGH | CVSS 8.8 | ≥ 10.07.0001, ≤ 10.07.0050; ≥ 10.08.0001, ≤ 10.08.1030; +1 more | 2022-03-02
CVE-2021-41001 [HIGH] CWE-77: An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below
nvd
CVE-2021-41002 | HIGH | CVSS 8.1 | ≥ 10.06.0001, ≤ 10.06.0170; ≥ 10.07.0001, ≤ 10.07.0050; +2 more | 2022-03-02
CVE-2021-41002 [HIGH] CWE-22: Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and bel
nvd
CVE-2021-41003 | MEDIUM | CVSS 6.1 | ≥ 10.06.0001, ≤ 10.06.0170; ≥ 10.07.0001, ≤ 10.07.0050; +2 more | 2022-03-02
CVE-2021-41003 [MEDIUM]: Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07
nvd
CVE-2002-20001 | HIGH | CVSS 7.5 | ≥ 10.06.0000, < 10.06.0180; ≥ 10.07.0000, < 10.07.0030; +2 more | 2021-11-11
CVE-2002-20001 [HIGH] CWE-400: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disr
nvd