Arubanetworks

All CVEs

577 total · sorted by risk
  • CVE-2026-44855 · High · May 12, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these…

  • CVE-2026-44854 · High · May 12, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote…

  • CVE-2026-44853 · High · May 12, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote…

  • CVE-2026-44852 · High · May 12, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating…

  • CVE-2024-54008 · High · Dec 10, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.

  • CVE-2024-47462 · High · Nov 5, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on…

  • CVE-2024-42503 · High · Sep 17, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-42502 · High · Sep 17, 2024
    risk 0.47 · cvss 7.2 · epss 0.02

    An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system.

  • CVE-2024-42501 · High · Sep 17, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    An authenticated path traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.

  • CVE-2015-4649 · High · Aug 29, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

  • CVE-2015-3657 · High · Aug 29, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

  • CVE-2015-3656 · High · Aug 29, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.

  • CVE-2015-3654 · High · Aug 29, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.

  • CVE-2015-3653 · High · Aug 29, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect…

  • CVE-2014-2071 · High · Jan 8, 2018
    risk 0.46 · cvss 7.1 · epss 0.01

    Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner…

  • CVE-2024-47464 · Med · Nov 5, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could…

  • CVE-2016-8527 · Med · Aug 6, 2018
    risk 0.44 · cvss 6.1 · epss 0.13

    Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative…

  • CVE-2017-13084 · Med · Oct 17, 2017
    risk 0.44 · cvss 6.8 · epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2026-23545 · Med · Feb 19, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.

  • CVE-2025-11725 · Med · Feb 19, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's…

  • CVE-2025-67913 · Med · Jan 8, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.

  • CVE-2025-37148 · Med · Oct 14, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual…

  • CVE-2025-27078 · Med · Apr 8, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise.

  • CVE-2025-11706 · Med · Feb 19, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2017-9002 · Med · Aug 6, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session…

  • CVE-2025-27080 · Med · Mar 18, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to…

  • CVE-2024-24454 · Med · Nov 15, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

  • CVE-2018-7073 · Med · Aug 6, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

  • CVE-2017-5786 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14

  • CVE-2017-12553 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12552 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12550 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12549 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12548 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12547 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2017-12546 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2026-44873 · Med · May 12, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration.…

  • CVE-2017-5827 · Med · Feb 15, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2017-12544 · Med · Feb 15, 2018
    risk 0.35 · cvss 5.4 · epss 0.05

    A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

  • CVE-2023-44983 · Med · Dec 19, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.

  • CVE-2026-23694 · Med · Feb 23, 2026
    risk 0.33 · cvss · epss 0.00

    Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_options, ahsc_debug_status, and ahsc_enable_purge perform…

  • CVE-2026-44874 · Med · May 12, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of…

  • CVE-2024-26303 · Med · Mar 26, 2024
    risk 0.32 · cvss 4.9 · epss 0.01

    Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon

  • CVE-2026-1924 · Med · Apr 10, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset_options()` function. This makes it possible for unauthenticated attackers to…

  • CVE-2025-25042 · Med · Mar 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further…

  • CVE-2024-43119 · Med · Nov 1, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.

  • CVE-2024-22438 · Low · Apr 15, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of malicious code.

  • CVE-2025-25040 · Low · Mar 18, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects:
      - AOS-CX 10.14.xxxx: All patches
      - AOS-CX 10.15.xxxx: 10.15.1000 and below
    The vulnerability is…

  • CVE-2020-7209 · Feb 12, 2020
    risk 0.10 · cvss · epss 0.99

    LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2.

  • CVE-2020-7115 · Jun 3, 2020
    risk 0.08 · cvss · epss 0.65

    The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow remote command execution in the underlying operating system. Resolution: Fixed in…

Page 2 of 12