VYPR

Arubaos

by Arubanetworks

CVEs (52)

  • CVE-2017-14491CriOct 4, 2017
    risk 0.73cvss 9.8epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2024-42505CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2017-9000CriAug 6, 2018
    risk 0.64cvss 9.8epss 0.06

    ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file…

  • CVE-2026-23827HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code…

  • CVE-2026-23826HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition.…

  • CVE-2026-23825HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful…

  • CVE-2026-23824HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful…

  • CVE-2017-9003HigAug 6, 2018
    risk 0.49cvss 7.5epss 0.04

    Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not…

  • CVE-2026-44871HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on…

  • CVE-2026-44872HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

  • CVE-2026-44870HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on…

  • CVE-2026-44869HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

  • CVE-2026-44868HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

  • CVE-2026-44867HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

  • CVE-2026-44866HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

  • CVE-2026-44865HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

  • CVE-2026-44862HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.00

    SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted…

  • CVE-2026-44861HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.00

    SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted…

  • CVE-2026-44860HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.00

    SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted…

  • CVE-2026-44859HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.00

    Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these…

Page 1 of 3