Vendor CVEs
Arubanetworks
All CVEs
577 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37905 | 0.00 | — | 0.01 | Nov 3, 2022 | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | |||
| CVE-2022-37904 | 0.00 | — | 0.01 | Nov 3, 2022 | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | |||
| CVE-2022-37912 | 0.00 | — | 0.02 | Nov 3, 2022 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2022-37902 | 0.00 | — | 0.02 | Nov 3, 2022 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2022-37901 | 0.00 | — | 0.02 | Nov 3, 2022 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2022-37900 | 0.00 | — | 0.02 | Nov 3, 2022 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2022-37899 | 0.00 | — | 0.02 | Nov 3, 2022 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2022-37898 | 0.00 | — | 0.01 | Nov 3, 2022 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||
| CVE-2022-37897 | 0.00 | — | 0.02 | Nov 3, 2022 | There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the… | |||
| CVE-2022-37928 | 0.00 | — | 0.00 | Nov 3, 2022 | Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | |||
| CVE-2022-37930 | 0.00 | — | 0.00 | Nov 3, 2022 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | |||
| CVE-2022-37929 | 0.00 | — | 0.00 | Nov 3, 2022 | Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | |||
| CVE-2022-37927 | 0.00 | — | 0.00 | Nov 3, 2022 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | |||
| CVE-2022-37915 | 0.00 | — | 0.02 | Oct 28, 2022 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute… | |||
| CVE-2022-37914 | 0.00 | — | 0.01 | Oct 28, 2022 | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges… | |||
| CVE-2022-37913 | 0.00 | — | 0.01 | Oct 28, 2022 | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges… | |||
| CVE-2022-37893 | 0.00 | — | 0.01 | Oct 7, 2022 | An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of… | |||
| CVE-2022-37894 | 0.00 | — | 0.00 | Oct 7, 2022 | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS… | |||
| CVE-2022-37891 | 0.00 | — | 0.01 | Oct 7, 2022 | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and… | |||
| CVE-2022-37890 | 0.00 | — | 0.01 | Oct 7, 2022 | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and… | |||
| CVE-2022-37887 | 0.00 | — | 0.02 | Oct 7, 2022 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these… | |||
| CVE-2022-37896 | 0.00 | — | 0.01 | Oct 7, 2022 | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in… | |||
| CVE-2022-37885 | 0.00 | — | 0.01 | Oct 7, 2022 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these… | |||
| CVE-2022-37889 | 0.00 | — | 0.02 | Oct 7, 2022 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these… | |||
| CVE-2022-37895 | 0.00 | — | 0.01 | Oct 7, 2022 | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS… | |||
| CVE-2022-37892 | 0.00 | — | 0.01 | Oct 7, 2022 | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary… | |||
| CVE-2022-37886 | 0.00 | — | 0.01 | Oct 7, 2022 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these… | |||
| CVE-2022-37888 | 0.00 | — | 0.01 | Oct 6, 2022 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these… | |||
| CVE-2022-23685 | 0.00 | — | 0.00 | Sep 20, 2022 | A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if… | |||
| CVE-2022-23692 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify… | |||
| CVE-2022-23693 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify… | |||
| CVE-2022-23695 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify… | |||
| CVE-2022-23694 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify… | |||
| CVE-2022-23696 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify… | |||
| CVE-2022-37877 | 0.00 | — | 0.00 | Sep 20, 2022 | A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass… | |||
| CVE-2022-37880 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system… | |||
| CVE-2022-37878 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system… | |||
| CVE-2022-37879 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system… | |||
| CVE-2022-37884 | 0.00 | — | 0.01 | Sep 20, 2022 | A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the… | |||
| CVE-2022-37881 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system… | |||
| CVE-2022-37882 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system… | |||
| CVE-2022-37883 | 0.00 | — | 0.01 | Sep 20, 2022 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system… | |||
| CVE-2022-23690 | 0.00 | — | 0.01 | Sep 6, 2022 | A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch… | |||
| CVE-2022-23688 | 0.00 | — | 0.00 | Sep 6, 2022 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX… | |||
| CVE-2022-23691 | 0.00 | — | 0.00 | Sep 6, 2022 | A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX… | |||
| CVE-2022-23689 | 0.00 | — | 0.00 | Sep 6, 2022 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX… | |||
| CVE-2022-23686 | 0.00 | — | 0.00 | Sep 6, 2022 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX… | |||
| CVE-2022-23687 | 0.00 | — | 0.00 | Sep 6, 2022 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX… | |||
| CVE-2022-23684 | 0.00 | — | 0.01 | Sep 6, 2022 | A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate… | |||
| CVE-2022-23682 | 0.00 | — | 0.01 | Sep 6, 2022 | Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in… |
- CVE-2022-37905Nov 3, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
- CVE-2022-37904Nov 3, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
- CVE-2022-37912Nov 3, 2022risk 0.00cvss —epss 0.02
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- CVE-2022-37902Nov 3, 2022risk 0.00cvss —epss 0.02
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- CVE-2022-37901Nov 3, 2022risk 0.00cvss —epss 0.02
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- CVE-2022-37900Nov 3, 2022risk 0.00cvss —epss 0.02
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- CVE-2022-37899Nov 3, 2022risk 0.00cvss —epss 0.02
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- CVE-2022-37898Nov 3, 2022risk 0.00cvss —epss 0.01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- CVE-2022-37897Nov 3, 2022risk 0.00cvss —epss 0.02
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the…
- CVE-2022-37928Nov 3, 2022risk 0.00cvss —epss 0.00
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
- CVE-2022-37930Nov 3, 2022risk 0.00cvss —epss 0.00
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.
- CVE-2022-37929Nov 3, 2022risk 0.00cvss —epss 0.00
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
- CVE-2022-37927Nov 3, 2022risk 0.00cvss —epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).
- CVE-2022-37915Oct 28, 2022risk 0.00cvss —epss 0.02
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute…
- CVE-2022-37914Oct 28, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges…
- CVE-2022-37913Oct 28, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges…
- CVE-2022-37893Oct 7, 2022risk 0.00cvss —epss 0.01
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of…
- CVE-2022-37894Oct 7, 2022risk 0.00cvss —epss 0.00
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS…
- CVE-2022-37891Oct 7, 2022risk 0.00cvss —epss 0.01
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and…
- CVE-2022-37890Oct 7, 2022risk 0.00cvss —epss 0.01
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and…
- CVE-2022-37887Oct 7, 2022risk 0.00cvss —epss 0.02
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…
- CVE-2022-37896Oct 7, 2022risk 0.00cvss —epss 0.01
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in…
- CVE-2022-37885Oct 7, 2022risk 0.00cvss —epss 0.01
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…
- CVE-2022-37889Oct 7, 2022risk 0.00cvss —epss 0.02
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…
- CVE-2022-37895Oct 7, 2022risk 0.00cvss —epss 0.01
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS…
- CVE-2022-37892Oct 7, 2022risk 0.00cvss —epss 0.01
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary…
- CVE-2022-37886Oct 7, 2022risk 0.00cvss —epss 0.01
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…
- CVE-2022-37888Oct 6, 2022risk 0.00cvss —epss 0.01
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…
- CVE-2022-23685Sep 20, 2022risk 0.00cvss —epss 0.00
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if…
- CVE-2022-23692Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…
- CVE-2022-23693Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…
- CVE-2022-23695Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…
- CVE-2022-23694Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…
- CVE-2022-23696Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…
- CVE-2022-37877Sep 20, 2022risk 0.00cvss —epss 0.00
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass…
- CVE-2022-37880Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…
- CVE-2022-37878Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…
- CVE-2022-37879Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…
- CVE-2022-37884Sep 20, 2022risk 0.00cvss —epss 0.01
A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the…
- CVE-2022-37881Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…
- CVE-2022-37882Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…
- CVE-2022-37883Sep 20, 2022risk 0.00cvss —epss 0.01
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…
- CVE-2022-23690Sep 6, 2022risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch…
- CVE-2022-23688Sep 6, 2022risk 0.00cvss —epss 0.00
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…
- CVE-2022-23691Sep 6, 2022risk 0.00cvss —epss 0.00
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX…
- CVE-2022-23689Sep 6, 2022risk 0.00cvss —epss 0.00
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…
- CVE-2022-23686Sep 6, 2022risk 0.00cvss —epss 0.00
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…
- CVE-2022-23687Sep 6, 2022risk 0.00cvss —epss 0.00
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…
- CVE-2022-23684Sep 6, 2022risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate…
- CVE-2022-23682Sep 6, 2022risk 0.00cvss —epss 0.01
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in…
Page 7 of 12