Arubanetworks

All CVEs

577 total · sorted by risk
  • CVE-2021-25162 · Mar 30, 2021
    risk 0.06 · cvss · epss 0.27

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2021-25159 · Mar 30, 2021
    risk 0.04 · cvss · epss 0.13

    A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2021-25157 · Mar 30, 2021
    risk 0.04 · cvss · epss 0.10

    A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x:…

  • CVE-2021-25156 · Mar 30, 2021
    risk 0.04 · cvss · epss 0.41

    A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2021-25155 · Mar 30, 2021
    risk 0.04 · cvss · epss 0.13

    A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2015-1389 · May 28, 2015
    risk 0.04 · cvss · epss 0.07

    Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

  • CVE-2022-37932 · Nov 30, 2022
    risk 0.03 · cvss · epss 0.03

    A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the…

  • CVE-2021-25161 · Mar 30, 2021
    risk 0.03 · cvss · epss 0.16

    A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2021-25160 · Mar 30, 2021
    risk 0.03 · cvss · epss 0.07

    A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2021-25158 · Mar 30, 2021
    risk 0.03 · cvss · epss 0.31

    A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and…

  • CVE-2007-6054 · Nov 20, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI,…

  • CVE-2018-7084 · May 10, 2019
    risk 0.02 · cvss · epss 0.05

    A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration,…

  • CVE-2025-37163 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying…

  • CVE-2025-37158 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.

  • CVE-2025-37157 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.

  • CVE-2025-37156 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.00

    A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.

  • CVE-2025-37145 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed…

  • CVE-2025-37143 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully…

  • CVE-2025-37142 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

  • CVE-2025-37141 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

  • CVE-2025-37140 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

  • CVE-2025-37135 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the…

  • CVE-2025-27083 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.01

    Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an authenticated attacker to execute arbitrary commands as a privileged user on…

  • CVE-2025-25039 · Feb 4, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower…

  • CVE-2025-23060 · Feb 4, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to…

  • CVE-2025-23059 · Feb 4, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and…

  • CVE-2025-23058 · Feb 4, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with…

  • CVE-2024-53672 · Dec 3, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the…

  • CVE-2024-41914 · Jul 24, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to…

  • CVE-2024-31473 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful…

  • CVE-2024-31472 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful…

  • CVE-2024-31469 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful…

  • CVE-2024-31468 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful…

  • CVE-2024-25616 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the…

  • CVE-2024-25615 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.

  • CVE-2024-25614 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the…

  • CVE-2024-25613 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-25612 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-25611 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-1356 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-26301 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially…

  • CVE-2024-26300 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary…

  • CVE-2024-26299 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to…

  • CVE-2024-26298 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2024-26297 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2024-26296 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2024-26295 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2024-26294 · Feb 27, 2024
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2023-45624 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

  • CVE-2023-45623 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point.
