Vendor CVEs
Arubanetworks
All CVEs
577 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45622 | 0.00 | — | 0.01 | Nov 14, 2023 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | |||
| CVE-2023-45619 | 0.00 | — | 0.01 | Nov 14, 2023 | There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead… | |||
| CVE-2023-45618 | 0.00 | — | 0.01 | Nov 14, 2023 | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which… | |||
| CVE-2023-45617 | 0.00 | — | 0.01 | Nov 14, 2023 | There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead… | |||
| CVE-2023-45616 | 0.00 | — | 0.02 | Nov 14, 2023 | There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful… | |||
| CVE-2023-43510 | 0.00 | — | 0.01 | Oct 24, 2023 | A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the… | |||
| CVE-2023-43509 | 0.00 | — | 0.01 | Oct 24, 2023 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into… | |||
| CVE-2023-43508 | 0.00 | — | 0.00 | Oct 24, 2023 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker… | |||
| CVE-2023-43507 | 0.00 | — | 0.01 | Oct 24, 2023 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify… | |||
| CVE-2023-43506 | 0.00 | — | 0.00 | Oct 24, 2023 | A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux… | |||
| CVE-2023-4896 | 0.00 | — | 0.00 | Oct 17, 2023 | A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally… | |||
| CVE-2023-38486 | 0.00 | — | 0.00 | Sep 6, 2023 | A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to… | |||
| CVE-2023-38485 | 0.00 | — | 0.00 | Sep 6, 2023 | Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying… | |||
| CVE-2023-38484 | 0.00 | — | 0.00 | Sep 6, 2023 | Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying… | |||
| CVE-2015-2202 | 0.00 | — | 0.01 | Sep 5, 2023 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | |||
| CVE-2015-1390 | 0.00 | — | 0.00 | Sep 5, 2023 | Aruba AirWave before 8.0.7 allows XSS attacks against an administrator. | |||
| CVE-2015-2201 | 0.00 | — | 0.01 | Sep 5, 2023 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | |||
| CVE-2015-1391 | 0.00 | — | 0.00 | Sep 5, 2023 | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. | |||
| CVE-2023-39268 | 0.00 | — | 0.01 | Aug 29, 2023 | A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying… | |||
| CVE-2023-39267 | 0.00 | — | 0.01 | Aug 29, 2023 | An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. | |||
| CVE-2023-39266 | 0.00 | — | 0.00 | Aug 29, 2023 | A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could… | |||
| CVE-2023-37440 | 0.00 | — | 0.00 | Aug 22, 2023 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal… | |||
| CVE-2023-37439 | 0.00 | — | 0.00 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37438 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37437 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37436 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37435 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37434 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37432 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37431 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37430 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37429 | 0.00 | — | 0.01 | Aug 22, 2023 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these… | |||
| CVE-2023-37428 | 0.00 | — | 0.01 | Aug 22, 2023 | A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying… | |||
| CVE-2023-37427 | 0.00 | — | 0.01 | Aug 22, 2023 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary… | |||
| CVE-2023-37426 | 0.00 | — | 0.00 | Aug 22, 2023 | EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate… | |||
| CVE-2023-37425 | 0.00 | — | 0.00 | Aug 22, 2023 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows… | |||
| CVE-2023-37424 | 0.00 | — | 0.01 | Aug 22, 2023 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful… | |||
| CVE-2023-37423 | 0.00 | — | 0.00 | Aug 22, 2023 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker… | |||
| CVE-2023-37422 | 0.00 | — | 0.00 | Aug 22, 2023 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker… | |||
| CVE-2023-37421 | 0.00 | — | 0.00 | Aug 22, 2023 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker… | |||
| CVE-2023-3718 | 0.00 | — | 0.01 | Aug 1, 2023 | An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This… | |||
| CVE-2023-35981 | 0.00 | — | 0.02 | Jul 25, 2023 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of… | |||
| CVE-2023-35980 | 0.00 | — | 0.02 | Jul 25, 2023 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of… | |||
| CVE-2023-35979 | 0.00 | — | 0.01 | Jul 5, 2023 | There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the… | |||
| CVE-2023-35978 | 0.00 | — | 0.00 | Jul 5, 2023 | A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a… | |||
| CVE-2023-35977 | 0.00 | — | 0.00 | Jul 5, 2023 | Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level. | |||
| CVE-2023-35976 | 0.00 | — | 0.00 | Jul 5, 2023 | Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level. | |||
| CVE-2023-35975 | 0.00 | — | 0.01 | Jul 5, 2023 | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. | |||
| CVE-2023-35974 | 0.00 | — | 0.01 | Jul 5, 2023 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2023-35973 | 0.00 | — | 0.01 | Jul 5, 2023 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. |