Airwave
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8526 | | High | 0.61 | 8.8 | 0.10 | | Aug 6, 2018 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can… |
| CVE-2024-54008 | | High | 0.47 | 7.2 | 0.01 | | Dec 10, 2024 | An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. |
| CVE-2016-8527 | | Med | 0.44 | 6.1 | 0.13 | | Aug 6, 2018 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative… |
| CVE-2023-45618 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which… |
| CVE-2023-45616 | | | 0.00 | — | 0.02 | | Nov 14, 2023 | There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful… |
| CVE-2015-1390 | | | 0.00 | — | 0.00 | | Sep 5, 2023 | Aruba AirWave before 8.0.7 allows XSS attacks against an administrator. |
| CVE-2015-2201 | | | 0.00 | — | 0.01 | | Sep 5, 2023 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. |
| CVE-2015-1391 | | | 0.00 | — | 0.00 | | Sep 5, 2023 | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. |
| CVE-2015-2202 | | | 0.00 | — | 0.01 | | Sep 5, 2023 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. |
| CVE-2021-26967 | | | 0.00 | — | 0.01 | | Mar 5, 2021 | A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site… |
| CVE-2021-26961 | | | 0.00 | — | 0.01 | | Mar 5, 2021 | A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a… |
| CVE-2020-24640 | | | 0.00 | — | 0.03 | | Jan 15, 2021 | There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. |
| CVE-2020-24639 | | | 0.00 | — | 0.07 | | Jan 15, 2021 | There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. |
| CVE-2020-24638 | | | 0.00 | — | 0.03 | | Jan 15, 2021 | Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system. |
| CVE-2020-24641 | | | 0.00 | — | 0.01 | | Jan 15, 2021 | In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately… |
| CVE-2020-7126 | | | 0.00 | — | 0.01 | | Oct 26, 2020 | A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. |
| CVE-2019-5323 | | | 0.00 | — | 0.03 | | Feb 27, 2020 | There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. |
| CVE-2014-8368 | | | 0.00 | — | 0.03 | | Nov 25, 2014 | The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. |