Airwave
by Aruba
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54008 | | Hig | 0.47 | 7.2 | 0.02 | | Dec 10, 2024 | An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. |
| CVE-2016-8527 | | | 0.07 | — | 0.56 | | Aug 6, 2018 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative… |
| CVE-2016-8526 | | | 0.04 | — | 0.13 | | Aug 6, 2018 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can… |
| CVE-2023-45618 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which… |
| CVE-2023-45616 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful… |
| CVE-2015-1390 | | | 0.00 | — | 0.01 | | Sep 5, 2023 | Aruba AirWave before 8.0.7 allows XSS attacks against an administrator. |
| CVE-2015-2201 | | | 0.00 | — | 0.00 | | Sep 5, 2023 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. |
| CVE-2015-2202 | | | 0.00 | — | 0.00 | | Sep 5, 2023 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. |
| CVE-2015-1391 | | | 0.00 | — | 0.00 | | Sep 5, 2023 | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. |
| CVE-2021-26961 | | | 0.00 | — | 0.00 | | Mar 5, 2021 | A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a… |
| CVE-2020-24640 | | | 0.00 | — | 0.01 | | Jan 15, 2021 | There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. |
| CVE-2020-24639 | | | 0.00 | — | 0.01 | | Jan 15, 2021 | There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. |
| CVE-2020-24638 | | | 0.00 | — | 0.02 | | Jan 15, 2021 | Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system. |
| CVE-2020-24641 | | | 0.00 | — | 0.00 | | Jan 15, 2021 | In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately… |