Filtered by vendor Arubanetworks Subscriptions
Total 493 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39268 2 Arubanetworks, Hpe 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more 2024-09-27 4.5 Medium
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-38486 1 Arubanetworks 5 9004, 9004-lte, 9012 and 2 more 2024-09-26 7.7 High
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
CVE-2024-42506 1 Arubanetworks 1 Arubaos 2024-09-26 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-42507 1 Arubanetworks 1 Arubaos 2024-09-26 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-42505 1 Arubanetworks 1 Arubaos 2024-09-26 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-42502 1 Arubanetworks 1 Arubaos 2024-09-20 7.2 High
Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.
CVE-2024-42503 1 Arubanetworks 1 Arubaos 2024-09-20 7.2 High
Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.
CVE-2024-42501 1 Arubanetworks 1 Arubaos 2024-09-20 7.2 High
An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.
CVE-2013-2269 1 Arubanetworks 2 Clearpass, Clearpass Guest 2024-09-17 N/A
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.
CVE-2020-12149 2 Arubanetworks, Silver-peak 22 Edgeconnect Enterprise, Nx-10700, Nx-11700 and 19 more 2024-09-16 6.8 Medium
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
CVE-2020-12148 1 Arubanetworks 21 Edgeconnect Enterprise, Nx-10700, Nx-11700 and 18 more 2024-09-16 6.8 Medium
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
CVE-2009-3836 1 Arubanetworks 2 Aruba Mobility Controller, Arubaos 2024-09-16 N/A
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.
CVE-2017-13099 3 Arubanetworks, Siemens, Wolfssl 4 Instant, Scalance W1750d, Scalance W1750d Firmware and 1 more 2024-09-16 N/A
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
CVE-2023-4896 1 Arubanetworks 1 Airwave 2024-09-13 6.8 Medium
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
CVE-2023-43509 1 Arubanetworks 1 Clearpass Policy Manager 2024-09-11 5.8 Medium
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.
CVE-2023-43506 2 Arubanetworks, Linux 2 Clearpass Policy Manager, Linux Kernel 2024-09-11 7.8 High
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
CVE-2023-43507 1 Arubanetworks 1 Clearpass Policy Manager 2024-09-11 7.2 High
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
CVE-2023-43510 1 Arubanetworks 1 Clearpass Policy Manager 2024-09-11 4.7 Medium
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.
CVE-2023-43508 1 Arubanetworks 1 Clearpass Policy Manager 2024-09-11 6.3 Medium
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
CVE-2023-45615 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-08-30 9.8 Critical
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.