VYPR

Vendor CVEs

Arubanetworks

All CVEs

577 total · sorted by risk
  • CVE-2023-22755Feb 28, 2023
    risk 0.00cvss epss 0.01

    There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability…

  • CVE-2023-22750Feb 28, 2023
    risk 0.00cvss epss 0.02

    There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2023-22747Feb 28, 2023
    risk 0.00cvss epss 0.02

    There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2022-43540Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba…

  • CVE-2022-43539Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for…

  • CVE-2022-43538Jan 3, 2023
    risk 0.00cvss epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-43537Jan 3, 2023
    risk 0.00cvss epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-43536Jan 3, 2023
    risk 0.00cvss epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-43535Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in…

  • CVE-2022-43534Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass…

  • CVE-2022-43533Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass…

  • CVE-2022-43532Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to…

  • CVE-2022-43531Jan 3, 2023
    risk 0.00cvss epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-43530Jan 3, 2023
    risk 0.00cvss epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-44535Jan 3, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an attacker to achieve…

  • CVE-2022-44534Jan 3, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the…

  • CVE-2022-43529Jan 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an…

  • CVE-2022-43528Jan 3, 2023
    risk 0.00cvss epss 0.00

    Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements…

  • CVE-2022-43527Jan 3, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to…

  • CVE-2022-43526Jan 3, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to…

  • CVE-2022-43525Jan 3, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to…

  • CVE-2022-43524Jan 3, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an…

  • CVE-2022-43523Jan 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit…

  • CVE-2022-43522Jan 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit…

  • CVE-2022-43521Jan 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit…

  • CVE-2022-43520Jan 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit…

  • CVE-2022-43519Jan 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit…

  • CVE-2022-37934Jan 3, 2023
    risk 0.00cvss epss 0.02

    A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850…

  • CVE-2022-37917Dec 8, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change…

  • CVE-2022-37916Dec 8, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change…

  • CVE-2022-37918Dec 8, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change…

  • CVE-2022-44533Nov 30, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-44532Nov 30, 2022
    risk 0.00cvss epss 0.01

    An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in…

  • CVE-2022-43542Nov 30, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-43541Nov 30, 2022
    risk 0.00cvss epss 0.02

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-43518Nov 30, 2022
    risk 0.00cvss epss 0.01

    An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba…

  • CVE-2022-37926Nov 30, 2022
    risk 0.00cvss epss 0.00

    A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an…

  • CVE-2022-37925Nov 30, 2022
    risk 0.00cvss epss 0.00

    A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary…

  • CVE-2022-37924Nov 30, 2022
    risk 0.00cvss epss 0.02

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37923Nov 30, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37922Nov 30, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37921Nov 30, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37920Nov 30, 2022
    risk 0.00cvss epss 0.01

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37919Nov 30, 2022
    risk 0.00cvss epss 0.01

    A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba…

  • CVE-2022-37911Nov 3, 2022
    risk 0.00cvss epss 0.01

    Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources,…

  • CVE-2022-37910Nov 3, 2022
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.

  • CVE-2022-37909Nov 3, 2022
    risk 0.00cvss epss 0.00

    Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of…

  • CVE-2022-37908Nov 3, 2022
    risk 0.00cvss epss 0.00

    An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

  • CVE-2022-37907Nov 3, 2022
    risk 0.00cvss epss 0.01

    A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.

  • CVE-2022-37906Nov 3, 2022
    risk 0.00cvss epss 0.01

    An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.

Page 6 of 12