Vulnerabilites related to arubanetworks - arubaos
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22765",
"lastModified": "2025-03-11T14:15:18.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en el servicio de Comunicaciones Centrales al que accede PAPI (el protocolo de gesti\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso afectado."
}
],
"id": "CVE-2024-31475",
"lastModified": "2025-06-24T16:15:24.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:10.870",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-463"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:02
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
},
{
"lang": "es",
"value": "Aruba ha identificado ciertas configuraciones de ArubaOS que pueden conducir a la divulgaci\u00f3n parcial de informaci\u00f3n confidencial en el proceso de negociaci\u00f3n IKE_AUTH. Los escenarios en los que puede ocurrir la divulgaci\u00f3n de informaci\u00f3n potencialmente confidencial son complejos y dependen de factores que escapan al control de los atacantes."
}
],
"id": "CVE-2024-25616",
"lastModified": "2025-07-28T13:02:28.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-05T21:15:08.807",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F",
"versionEndExcluding": "8.7.0.0-2.3.0.7",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96",
"versionEndExcluding": "6.5.4.23",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468",
"versionEndExcluding": "8.6.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37901",
"lastModified": "2025-05-02T19:15:51.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.737",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:22
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234",
"versionEndExcluding": "10.4.1.4",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286",
"versionEndExcluding": "10.6.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
},
{
"lang": "es",
"value": "Existen vulnerabilidades en el Soft AP Daemon Service que podr\u00edan permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."
}
],
"id": "CVE-2024-42393",
"lastModified": "2024-08-12T18:22:45.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:56.640",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:02
Severity ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-25613",
"lastModified": "2025-07-28T13:02:06.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-03-05T21:15:08.307",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"id": "CVE-2023-22772",
"lastModified": "2025-03-07T21:15:14.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.100",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de eliminaci\u00f3n de archivos arbitrarios en CLI Service al que accede PAPI (el protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso."
}
],
"id": "CVE-2023-45617",
"lastModified": "2024-11-21T08:27:04.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.827",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticado en el manejo de determinadas cadenas SSID por Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del AP afectado de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37895",
"lastModified": "2024-11-21T07:15:19.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:13.040",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:02
Severity ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el servicio Spectrum al que se accede a trav\u00e9s del protocolo PAPI en ArubaOS 8.x. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-25615",
"lastModified": "2025-07-28T13:02:21.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-03-05T21:15:08.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en bootloader de ArubaOS en los controladores de la serie 7xxx que puede provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un sistema afectado. Un atacante exitoso puede causar un bloqueo del sistema que solo puede resolverse mediante un ciclo de encendido del controlador afectado."
}
],
"id": "CVE-2022-37907",
"lastModified": "2025-05-02T19:15:52.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.120",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 3.1 | |
| arubanetworks | arubaos | 3.2 | |
| arubanetworks | aruba_mobility__controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E079F26E-4778-467D-90CA-2CB352DDD0AF",
"versionEndIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57570C0F-C6A2-45B2-AADE-F555E2C8630C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99F8E4DB-64D1-4668-A2B2-77AFDD79E689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_mobility__controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5433365A-0E35-48E8-BB9E-74EBB0632131",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente de autenticaci\u00f3n TACACS en Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x permite a usuarios remotos autenticados conseguir privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-2273",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-16T12:54:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30262"
},
{
"source": "cve@mitre.org",
"url": "http://www.arubanetworks.com/support/alerts/aid-051408.asc"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/492113/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29240"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.arubanetworks.com/support/alerts/aid-051408.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492113/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42434"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22768",
"lastModified": "2024-11-21T07:45:23.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.833",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u00a0conduct a stored cross-site scripting (XSS) attack against a\u00a0user of the interface. A successful exploit could\u00a0allow an attacker to execute arbitrary script code in a\u00a0victim\u0027s browser in the context of the affected interface."
}
],
"id": "CVE-2023-35971",
"lastModified": "2024-11-21T08:09:05.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 6.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.277",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento de b\u00fafer en el servicio de Comunicaciones Centrales subyacente que podr\u00edan conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31469",
"lastModified": "2025-06-24T14:15:27.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:09.153",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad resulta en una Denegaci\u00f3n de Servicio (DoS) en el sistema afectado."
}
],
"id": "CVE-2022-37910",
"lastModified": "2025-05-02T19:15:52.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.317",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en Wi-Fi Uplink Service al que se accede a trav\u00e9s a trav\u00e9s protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45623",
"lastModified": "2024-11-21T08:27:05.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.883",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E576744-779A-4260-A652-DDDC13253852",
"versionEndExcluding": "6.4.4.8-4.2.4.22",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB799D-F5E8-43A1-AF0A-37EF2C96EE4C",
"versionEndExcluding": "6.5.4.25",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72B488-0300-4E55-9E51-2A654B5FACE4",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA44337-4B77-4117-ADA1-8C3172A0BBED",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD7FEF-A76F-47B3-93D0-97FE246F4AF9",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-35980",
"lastModified": "2024-11-21T08:09:06.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.327",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"id": "CVE-2023-35977",
"lastModified": "2024-11-21T08:09:05.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.720",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31476",
"lastModified": "2025-06-24T16:15:24.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:11.150",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 18:15
Modified
2024-11-21 08:13
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - | |
| arubanetworks | 9240 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB9BE64-9455-46B2-80C8-BD9B88A8F372",
"versionEndExcluding": "8.6.0.22",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48293E3F-C6BD-4875-8C7A-67ED41B7C18D",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BF9E0D-630F-40B4-9109-560CA13C981B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the secure boot implementation on affected\u00a0Aruba 9200 and 9000 Series Controllers and Gateways allows\u00a0an attacker to bypass security controls which would normally\u00a0prohibit unsigned kernel images from executing. An attacker\u00a0can use this vulnerability to execute arbitrary runtime\u00a0operating systems, including unverified and unsigned OS\u00a0images."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de arranque seguro en los Controladores y Gateways de las Series Aruba 9200 y 9000 afectados permite a un atacante eludir los controles de seguridad que normalmente prohibir\u00edan la ejecuci\u00f3n de im\u00e1genes del kernel sin firmar. Un atacante puede utilizar esta vulnerabilidad para ejecutar sistemas operativos en tiempo de ejecuci\u00f3n arbitrarios, incluidas im\u00e1genes de sistema operativo no verificadas y sin firmar."
}
],
"id": "CVE-2023-38486",
"lastModified": "2024-11-21T08:13:40.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T18:15:08.547",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22755",
"lastModified": "2024-11-21T07:45:21.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.967",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"id": "CVE-2023-35976",
"lastModified": "2024-11-21T08:09:05.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.650",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"id": "CVE-2023-22773",
"lastModified": "2025-03-07T21:15:14.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F",
"versionEndExcluding": "8.7.0.0-2.3.0.7",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96",
"versionEndExcluding": "6.5.4.23",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468",
"versionEndExcluding": "8.6.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad que permite a un atacante autenticado sobrescribir un archivo arbitrario con contenido controlado por el atacante a trav\u00e9s de la interfaz web. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda comprometer completamente el sistema operativo del host subyacente."
}
],
"id": "CVE-2022-37903",
"lastModified": "2025-05-02T15:15:46.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.863",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22767",
"lastModified": "2025-03-11T15:15:37.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.767",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-08 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | 6.3.11 | |
| arubanetworks | arubaos | 6.3.11 | |
| arubanetworks | arubaos | 6.4.2.1 | |
| arubanetworks | arubaos | 6.4.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "898257E2-71D8-45B0-AEBA-489CA70DCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.11:fips:*:*:*:*:*:*",
"matchCriteriaId": "6AC452B9-E2C9-40AB-A88C-ECDED327CD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AD2B98-94AF-4132-B92B-ECA4B5669AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.4.2.1:fips:*:*:*:*:*:*",
"matchCriteriaId": "35BCB9B9-7E4A-438E-AB0C-E14AC0B326D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la interfaces de administraci\u00f3n en ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, y 6.4.2.1-FIPS en los controladores Aruba permite a atacantes remotos evadir la autenticaci\u00f3n, y obtener informaci\u00f3n potencialmente sensible o a\u00f1adir cuentas de hu\u00e9spedes, a trav\u00e9s de una sesi\u00f3n SSH."
}
],
"id": "CVE-2014-7299",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-08T01:55:06.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-10072014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-10072014.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7025607-CDA9-4A3A-BB64-93C2B5E77DBD",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84533A-21E7-4338-BF5C-45FA14B2F42B",
"versionEndExcluding": "8.8.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de tipo cross-site request forgery (csrf) remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37725",
"lastModified": "2024-11-21T06:15:48.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.940",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22764",
"lastModified": "2025-03-11T14:15:17.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.573",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22770",
"lastModified": "2024-11-21T07:45:23.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.963",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45615",
"lastModified": "2024-11-21T08:27:04.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.487",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad autenticada que permite a un atacante establecer de manera efectiva la ejecuci\u00f3n de c\u00f3digo arbitrario persistente y altamente privilegiado a lo largo de los ciclos de arranque."
}
],
"id": "CVE-2023-45626",
"lastModified": "2024-11-21T08:27:05.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.410",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Vendor Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A",
"versionEndExcluding": "8.5.0.13",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20854D4C-2742-4F5C-90FE-91B80FB47F60",
"versionEndExcluding": "8.6.0.11",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84533A-21E7-4338-BF5C-45FA14B2F42B",
"versionEndExcluding": "8.8.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "263ED693-81B9-4951-B85F-6EFCC9AFAAF2",
"versionEndIncluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba Operating System Software versiones: Anteriores a 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba ha publicado parches para ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37728",
"lastModified": "2024-11-21T06:15:49.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.987",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote command injection vulnerability\u00a0exists in the ArubaOS web-based management interface.\u00a0Successful exploitation of this vulnerability results in the\u00a0ability to execute arbitrary commands as a privileged user\u00a0on the underlying operating system. This allows an attacker\u00a0to fully compromise the underlying operating system on the\u00a0device running ArubaOS."
}
],
"id": "CVE-2023-35972",
"lastModified": "2024-11-21T08:09:05.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.367",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 15:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-31478",
"lastModified": "2025-06-24T15:15:22.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:11.710",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 02:15
Modified
2024-11-21 05:15
Severity ?
Summary
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - | |
| arubanetworks | sd-wan | * | |
| arubanetworks | sd-wan | * | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49A45927-D609-48E3-A5E5-FEB977F4F58D",
"versionEndExcluding": "8.2.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "419BC61F-B002-4848-BB6B-51CA15C8E6F2",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A",
"versionEndExcluding": "2.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4",
"versionEndExcluding": "2.2.0.1",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
},
{
"lang": "es",
"value": "Un atacante es capaz de inyectar remotamente comandos arbitrarios mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP (8211) de PAPI (protocolo de Aruba Networks AP Management) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo"
}
],
"id": "CVE-2020-24634",
"lastModified": "2024-11-21T05:15:17.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T02:15:11.057",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"id": "CVE-2023-22774",
"lastModified": "2025-03-07T21:15:14.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.253",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E576744-779A-4260-A652-DDDC13253852",
"versionEndExcluding": "6.4.4.8-4.2.4.22",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB799D-F5E8-43A1-AF0A-37EF2C96EE4C",
"versionEndExcluding": "6.5.4.25",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72B488-0300-4E55-9E51-2A654B5FACE4",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA44337-4B77-4117-ADA1-8C3172A0BBED",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD7FEF-A76F-47B3-93D0-97FE246F4AF9",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-35982",
"lastModified": "2024-11-21T08:09:06.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.480",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2025-01-31 18:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22790",
"lastModified": "2025-01-31T18:15:32.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.573",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el servicio CLI al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-31481",
"lastModified": "2025-06-24T16:15:25.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:12.593",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system."
}
],
"id": "CVE-2023-35975",
"lastModified": "2024-11-21T08:09:05.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.580",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-07 21:29
Modified
2024-11-21 04:11
Severity ?
Summary
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://www.securityfocus.com/bid/105814 | Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105814 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F19E1F-F852-4A9E-BCA0-C00095FC4E81",
"versionEndExcluding": "6.4.4.20",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E4BE0C-4329-40EF-8806-8BA8B0FD3CC9",
"versionEndExcluding": "6.5.3.9",
"versionStartIncluding": "6.5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CCB557-CCF0-4C6E-BC96-B0FC06D1C1AF",
"versionEndExcluding": "6.5.4.9",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3CF639-D500-4AE0-A2F3-1B4D9F08EC35",
"versionEndExcluding": "8.2.2.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39FFDECF-2181-4795-AAE6-3960AEB867D4",
"versionEndExcluding": "8.3.0.4",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:203rp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78EE6E62-F628-4978-8C02-934B3B28E751",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:203rp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBA926A8-93A3-4C56-87A5-E29C370D897F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:203r_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D749127-3A66-4155-A072-835518E3594D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:203r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D41FCBFE-661D-42E3-9211-DBEB84CDBBCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:ap-300_series_access_points_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C17C487E-7233-4F4D-ADD3-E32F80B44C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:ap-300_series_access_points:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1019E0BD-36A9-4620-9EE1-0DAF92C4C5CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:ap-300_series_instant_access_points_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75D9CDF3-0EEC-416A-89D6-3C5F81AE7798",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:ap-300_series_instant_access_points:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F091F2-1798-41EB-863E-B3D68F9F58D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en el firmware de las radios BLE embebidas que forman parte de algunos puntos de acceso de Aruba. Un atacante que pueda explotar esta vulnerabilidad podr\u00eda instalar firmware nuevo y potencialmente malicioso en la radio BLE del punto de acceso para obtener acceso al puerto de la consola del punto de acceso. Esta vulnerabilidad es aplicable solo si la radio BLE est\u00e1 habilitada en los puntos de acceso afectados. La radio BLE est\u00e1 deshabilitada por defecto. Nota: los productos Aruba NO se han visto afectados por una vulnerabilidad rastreada como CVE-2018-16986."
}
],
"id": "CVE-2018-7080",
"lastModified": "2024-11-21T04:11:37.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-07T21:29:01.390",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105814"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-06 18:16
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt | Mailing List, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:ap-103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45B3C8-D048-4EA8-83DF-F99BDB88894C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF896539-EC3B-4DA0-B955-08E9C7E897EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC40C9-6EF5-4CE9-A74D-A042598899DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEC8F63-AFAF-4C28-81B4-DBEDC3B01339",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF600978-50DE-4534-8063-F064BC68AC1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D34B3C-71E2-44D2-AFC0-253A7B62C386",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "559619E9-DE70-4259-8F79-23CC5ACF6C5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16277CC2-2A9A-44D3-8BC2-C77BE2435D1F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50B5B834-3443-4EA0-98F1-809917EF6904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "198EA730-8E4F-4AF0-ACA2-39B6BC266422",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E897029-8910-4D9B-841E-21B94ACC66DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A62E7C-5B33-461F-B92F-9E4E765A84A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE6FCBF-87BD-484B-BA0B-464DD7666F1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88193D54-C8F9-48BC-8541-E0FDECE57828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-303:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F7C91F-FA10-426A-BD14-098F0D06B636",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC166340-BF92-447F-9468-AFB658B7FC3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB70364-2497-487D-AA82-7139B7BA81D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5831B-74AC-4189-87F8-18BC170AC10F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAA199F-9D74-4122-855B-1044C27B84A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-318:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1070A64-2765-4F43-97DE-FD24B08CB802",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F50F4A-80C7-4A32-90F1-C5838ADFE8F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F1C511-B9F7-4499-B33C-8B3D7551537B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-334:-:*:*:*:*:*:*:*",
"matchCriteriaId": "788F8BF1-1AA0-4BB9-BE5E-60575A5ED054",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9725F571-C957-44C7-9ECB-58D888315AA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC18D01-F71E-4200-A585-AB8EDA66F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E235F24-7AAB-49A0-81DA-E3B03290CD45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB66E34-16CC-4CF4-A544-EC7C1BF47386",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-514:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D51F66-864C-4EEE-BC9D-5DC6E3D54D4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5C706F-F87B-4DF7-A85C-54A5229183C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-534:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E4D103-8A2F-4CC9-B51C-0D4AB5F97261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-535:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F96A1322-03A5-461C-A5A1-2102852A719D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F8A98B-6D70-4C8A-9379-FC66B10BAFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0219C4A-855C-4CCC-9C56-499697A91B94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18C831D-4D5C-4A50-8101-2CFB3D1B5210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56700415-4944-4364-B010-213B06526062",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71A1AEEA-F680-4A04-93AD-B232E0E95C5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BD77D5-A2E1-4AFF-AF1B-0D010DC85287",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00E43247-386E-42EE-A5E0-F4857B59AE85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3E815C-64FF-4D1D-A029-C0257CE71740",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BF805A-B08D-4728-A0A2-9FC00F5AADAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E75FEF6-1D57-4689-BFB5-32E390A01798",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "994278AA-D708-4A75-AE67-F67A16D1A586",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1C5D34-AD4A-4994-9E53-0F062304F2EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-305:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D1E253-FAA4-42CC-8105-4D0502C85E01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-314:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E4ED7F-62B7-4BB1-BE92-0CC0C7DBCD96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-315:-:*:*:*:*:*:*:*",
"matchCriteriaId": "851E2D25-705C-4F51-A990-246C2E4D8F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-318:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E128A41C-307F-4A1D-B263-E4150059B76F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4842D72-E733-4166-9604-4AEA6CC2E892",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32EEA27C-3219-4D02-B2D3-973D0DAF0914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:iap-334:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B5F287-EEB8-4C33-99D2-520E217D800C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:rap-108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7069C938-C883-4533-B043-53721566398A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:rap-109:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9AA606-14EE-48DC-BE12-1A0807DFB1E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remoto no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de gesti\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InnstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37888",
"lastModified": "2024-11-21T07:15:18.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-06T18:16:05.287",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
5.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
}
],
"id": "CVE-2023-22791",
"lastModified": "2024-11-21T07:45:26.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.647",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal
operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) autenticada en CLI Service. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45627",
"lastModified": "2024-11-21T08:27:05.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.573",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 12:46
Severity ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F833E843-EF22-47E6-AE6D-3EA191E3B2AE",
"versionEndIncluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4114ED80-7009-40A3-BD15-87D73B945E11",
"versionEndIncluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F8CDED-970C-47F8-BFB6-694CA7CCB4A2",
"versionEndIncluding": "10.4.0.3",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F00A8EB4-D0AD-40B1-9DAD-86F0C9598B0E",
"versionEndIncluding": "10.5.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-1356",
"lastModified": "2025-07-28T12:46:23.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-03-05T21:15:07.593",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba Operating System Software versiones: anteriores a 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37724",
"lastModified": "2024-11-21T06:15:48.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.897",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37912",
"lastModified": "2025-05-02T15:15:47.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.440",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-28 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | 6.2.0.0 | |
| arubanetworks | arubaos | 6.2.0.1 | |
| arubanetworks | arubaos | 6.2.0.2 | |
| arubanetworks | arubaos | 6.1.3.0 | |
| arubanetworks | arubaos | 6.1.3.1 | |
| arubanetworks | arubaos | 6.1.3.2 | |
| arubanetworks | arubaos | 6.1.3.4 | |
| arubanetworks | arubaos | 6.1.3.5 | |
| arubanetworks | arubaos | 6.1.3.6 | |
| arubanetworks | arubaos | 6.1.2.3 | |
| arubanetworks | arubaos | 6.1.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1BB950-27ED-4FD5-AB4B-9A2A2335E2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7C0BA2-C8F0-48B0-8B6F-5A31E87E216F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55915155-C7B9-4485-B046-8CDF70F8AB35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9792484-1C9D-4A94-8BC0-F3389388037A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83D0BE40-36C1-4177-A545-BC1F7435C1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A8B524-49C4-4069-9F08-795EE3ABEFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2652D8B-C361-4349-B7FC-3C40BF0A3F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22013B3A-82E6-4960-9D6D-0BEF991153F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "923BCFD5-15F0-4088-9E24-7CA5626AAB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.2.3:-:fips:*:*:*:*:*",
"matchCriteriaId": "00DC1E4C-98D2-4D02-9C2E-73124961F525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.4.2:-:fips:*:*:*:*:*",
"matchCriteriaId": "12EA628C-9D87-423F-A494-8CB9DCCB6287",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el tablero de la WebUI ArubaOS Administraci\u00f3n en Aruba Networks ArubaOS v6.2.x antes de v6.2.0.3, v6.1.3.x antes de v6.1.3.7, v6.1.x-FIPS antes de 6.1.4.3-FIPS, y 6.1.x-Airgroup antes v6.1.3.6-Airgroup, utilizada por el Mobility Controller, que permite a los puntos de acceso inal\u00e1mbricos remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un SSID dise\u00f1ado."
}
],
"id": "CVE-2013-2290",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-28T23:55:01.823",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/91485"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52690"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-042213.asc"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/58579"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/91485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-042213.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82917"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22749",
"lastModified": "2025-03-07T21:15:13.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.560",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 02:15
Modified
2024-11-21 05:15
Severity ?
Summary
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - | |
| arubanetworks | sd-wan | * | |
| arubanetworks | sd-wan | * | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54105104-BEC9-4E17-BE32-96F2111310F1",
"versionEndExcluding": "8.5.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A",
"versionEndExcluding": "2.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4",
"versionEndExcluding": "2.2.0.1",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
},
{
"lang": "es",
"value": "Dos vulnerabilidades en la implementaci\u00f3n de ArubaOS GRUB2 permiten a un atacante omitir el arranque seguro.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda conllevar a un compromiso remoto de la integridad del sistema al permitir a un atacante cargar un kernel modificado o no confiable en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y anteriores;\u0026#xa0;6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo;\u0026#xa0;6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo"
}
],
"id": "CVE-2020-24637",
"lastModified": "2024-11-21T05:15:18.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T02:15:11.117",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad resulta en la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4. 23 y siguientes; Aruba InstantOS 8.6.x: 8.6.0.18 y siguientes; Aruba InstantOS 8.7.x: 8.7.1.9 y siguientes; Aruba InstantOS 8.10.x: 8.10.0.1 y siguientes; ArubaOS 10.3.x: 10.3.1.0 y siguientes; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37893",
"lastModified": "2024-11-21T07:15:19.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:12.597",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-01 17:15
Modified
2025-07-28 12:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687598A9-2EB1-4E01-BC09-29C8D958FF84",
"versionEndIncluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F5B363-53C1-4F6C-96FB-1D2040AB3799",
"versionEndIncluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E2EB73-BD2F-4777-8892-A815287C67F8",
"versionEndIncluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DB89D7-E1FA-4CF1-AB2E-F6A095988D76",
"versionEndIncluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el servicio de administraci\u00f3n de AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-33515",
"lastModified": "2025-07-28T12:50:47.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-01T17:15:36.837",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 18:15
Modified
2024-11-21 08:13
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - | |
| arubanetworks | 9240 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB9BE64-9455-46B2-80C8-BD9B88A8F372",
"versionEndExcluding": "8.6.0.22",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48293E3F-C6BD-4875-8C7A-67ED41B7C18D",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BF9E0D-630F-40B4-9109-560CA13C981B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u00a0allow an attacker to execute arbitrary code early in the boot\u00a0sequence. An attacker could exploit this vulnerability to\u00a0gain access to and change underlying sensitive information\u00a0in the affected controller leading to complete system\u00a0compromise."
},
{
"lang": "es",
"value": "Existen vulnerabilidades en la implementaci\u00f3n de la BIOS de los Controladores y Gateways de las Series 9200 y 9000 de Aruba que podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario en las primeras etapas de la secuencia de inicio. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso y cambiar informaci\u00f3n sensible subyacente en el controlador afectado, lo que comprometer\u00eda completamente el sistema."
}
],
"id": "CVE-2023-38484",
"lastModified": "2024-11-21T08:13:39.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T18:15:08.393",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-01 17:15
Modified
2025-07-25 15:34
Severity ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el servicio Radio Frequency Manager al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-33518",
"lastModified": "2025-07-25T15:34:11.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-05-01T17:15:37.323",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticada en Soft Ap Daemon al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45624",
"lastModified": "2024-11-21T08:27:05.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.077",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Summary
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n"
}
],
"id": "CVE-2023-22771",
"lastModified": "2024-11-21T07:45:23.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.030",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n"
}
],
"id": "CVE-2023-22776",
"lastModified": "2025-03-07T21:15:14.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.473",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:44
Severity ?
Summary
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF06169-5BCD-48AC-BE0C-23075295CA54",
"versionEndExcluding": "6.4.4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDB8CE1-BFCB-4304-AF2D-F97B862BBBD2",
"versionEndExcluding": "6.5.4.11",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "724DC958-F1D7-4BED-B8BD-3B77767F5B70",
"versionEndExcluding": "8.2.1.0",
"versionStartIncluding": "6.5.4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E31DAB-B1D9-47B9-BE99-076A7400A487",
"versionEndExcluding": "8.3.0.0",
"versionStartIncluding": "8.2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability."
},
{
"lang": "es",
"value": "Algunos componentes web en el software ArubaOS son susceptibles a vulnerabilidades de divisi\u00f3n de respuesta HTTP (inyecci\u00f3n CRLF) y de tipo XSS Reflejado. Un atacante podr\u00eda ser capaz de lograr esto mediante el env\u00edo de determinados par\u00e1metros URL que desencadenar\u00edan esta vulnerabilidad."
}
],
"id": "CVE-2019-5314",
"lastModified": "2024-11-21T04:44:43.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-13T17:15:12.130",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n"
}
],
"id": "CVE-2023-22775",
"lastModified": "2025-03-07T21:15:14.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.330",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 02:15
Modified
2024-11-21 05:15
Severity ?
Summary
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - | |
| arubanetworks | sd-wan | * | |
| arubanetworks | sd-wan | * | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1BBC46-36EA-47DE-9173-707A23325F1A",
"versionEndExcluding": "6.4.4.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66C41F7C-BB41-449A-B030-C029E33AD041",
"versionEndExcluding": "6.5.4.18",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65383999-0515-4646-9510-677D33ECBB11",
"versionEndExcluding": "8.2.2.10",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0",
"versionEndExcluding": "8.3.0.14",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "419BC61F-B002-4848-BB6B-51CA15C8E6F2",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271",
"versionEndExcluding": "8.7.1.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A",
"versionEndExcluding": "2.1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4",
"versionEndExcluding": "2.2.0.1",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticada mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP (8211) de PAPI (protocolo de administraci\u00f3n Aruba Networks AP) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo"
}
],
"id": "CVE-2020-24633",
"lastModified": "2024-11-21T05:15:17.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T02:15:10.943",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
}
],
"id": "CVE-2023-22787",
"lastModified": "2024-11-21T07:45:25.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.367",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento de b\u00fafer en el servicio CLI subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31467",
"lastModified": "2025-06-24T14:15:27.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:08.250",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10 podr\u00eda permitir a un atacante remoto conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de la interfaz. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de una v\u00edctima en el contexto de la interfaz afectada de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37896",
"lastModified": "2024-11-21T07:15:19.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:13.207",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22747",
"lastModified": "2025-03-11T15:15:37.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.427",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer no autenticadas en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8.6.x: 8.6. 0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37890",
"lastModified": "2024-11-21T07:15:19.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.363",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-01 17:15
Modified
2025-07-28 12:49
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687598A9-2EB1-4E01-BC09-29C8D958FF84",
"versionEndIncluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F5B363-53C1-4F6C-96FB-1D2040AB3799",
"versionEndIncluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E2EB73-BD2F-4777-8892-A815287C67F8",
"versionEndIncluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DB89D7-E1FA-4CF1-AB2E-F6A095988D76",
"versionEndIncluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el servicio de autenticaci\u00f3n al que se accede a trav\u00e9s del protocolo PAPI proporcionado por ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del controlador."
}
],
"id": "CVE-2024-33516",
"lastModified": "2025-07-28T12:49:09.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-01T17:15:37.000",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45620",
"lastModified": "2024-11-21T08:27:04.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.333",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ArubaOS could allow an unauthenticated\u00a0remote attacker to conduct a reflected cross-site scripting\u00a0(XSS) attack against a user of the web-based management\u00a0interface. A successful exploit could allow an attacker to\u00a0execute arbitrary script code in a victim\u0027s browser in the\u00a0context of the affected interface."
}
],
"id": "CVE-2023-35978",
"lastModified": "2024-11-21T08:09:05.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.790",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 14:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22753",
"lastModified": "2025-03-11T14:15:17.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.823",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:02
Severity ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-25612",
"lastModified": "2025-07-28T13:02:00.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-03-05T21:15:08.133",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-01 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F",
"versionEndExcluding": "8.7.0.0-2.3.0.7",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96",
"versionEndExcluding": "6.5.4.23",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468",
"versionEndExcluding": "8.6.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37900",
"lastModified": "2025-05-01T15:15:55.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.677",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-31 20:15
Modified
2024-11-21 02:47
Severity ?
Summary
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2016/May/19 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt | Vendor Advisory | |
| cve@mitre.org | https://www.google.com/about/appsecurity/research/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/May/19 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.google.com/about/appsecurity/research/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | airwave | * | |
| arubanetworks | aruba_instant | * | |
| arubanetworks | aruba_instant | 4.2.3.1 | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF58E3A-491E-4E93-BB95-490E046D910B",
"versionEndExcluding": "8.2.0.0",
"versionStartIncluding": "",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E7368A-F76A-48A7-ACBA-E788A6A379B8",
"versionEndExcluding": "4.1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:aruba_instant:4.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6FAE29-7941-46AA-A36E-9E190B5DFD56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E1323A-9E36-4F30-BB17-E7A6C203B094",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672"
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en Aruba AirWave Management Platform versiones 8.x anteriores a 8.2, en la interfaz de administraci\u00f3n de un componente de un sistema subyacente llamado RabbitMQ, lo que podr\u00eda permitir a un usuario malicioso obtener informaci\u00f3n confidencial. Esta interfaz escucha sobre los puertos TCP 15672 y 55672"
}
],
"id": "CVE-2016-2032",
"lastModified": "2024-11-21T02:47:39.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-31T20:15:10.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.google.com/about/appsecurity/research/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.google.com/about/appsecurity/research/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"id": "CVE-2023-22758",
"lastModified": "2024-11-21T07:45:22.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.170",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 15:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22766",
"lastModified": "2025-03-11T15:15:37.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.700",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-01 17:15
Modified
2025-07-28 12:53
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687598A9-2EB1-4E01-BC09-29C8D958FF84",
"versionEndIncluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F5B363-53C1-4F6C-96FB-1D2040AB3799",
"versionEndIncluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E2EB73-BD2F-4777-8892-A815287C67F8",
"versionEndIncluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DB89D7-E1FA-4CF1-AB2E-F6A095988D76",
"versionEndIncluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el servicio de administraci\u00f3n de AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-33513",
"lastModified": "2025-07-28T12:53:30.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-01T17:15:36.510",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el servicio de desautenticaci\u00f3n subyacente que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31473",
"lastModified": "2025-06-24T16:15:24.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:10.290",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el manejo de determinadas cadenas SSID por parte de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad resulta en la capacidad de interrumpir la operaci\u00f3n normal del AP afectado de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37894",
"lastModified": "2024-11-21T07:15:19.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T19:15:12.887",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-01 17:15
Modified
2025-07-28 12:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687598A9-2EB1-4E01-BC09-29C8D958FF84",
"versionEndIncluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F5B363-53C1-4F6C-96FB-1D2040AB3799",
"versionEndIncluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E2EB73-BD2F-4777-8892-A815287C67F8",
"versionEndIncluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DB89D7-E1FA-4CF1-AB2E-F6A095988D76",
"versionEndIncluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el servicio Radio Frequency Manager al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-33517",
"lastModified": "2025-07-28T12:48:34.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-01T17:15:37.163",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37886",
"lastModified": "2024-11-21T07:15:18.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2025-01-28 21:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22788",
"lastModified": "2025-01-28T21:15:13.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.440",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el servicio CLI al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-31480",
"lastModified": "2025-06-24T16:15:25.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:12.363",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en el servicio de c\u00f3digo de escape ANSI al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-31482",
"lastModified": "2025-06-24T16:15:25.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:12.843",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | 3.1.1 | |
| arubanetworks | arubaos | 3.3.1.16 | |
| arubanetworks | arubaos | 3.3.1.29 | |
| arubanetworks | arubaos | 3.3.1.30 | |
| arubanetworks | arubaos | 3.3.2.6 | |
| arubanetworks | arubaos | 3.3.2.14 | |
| arubanetworks | arubaos | 3.4.0 | |
| arubanetworks | aruba_mobility_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.1.1:rn:*:*:*:*:*:*",
"matchCriteriaId": "A929FE47-A479-49B8-A7DC-C6B72C95B7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C79BFC0F-08A2-49CE-BA64-249093C2BFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "07DEE617-601D-45A0-A866-2A7CCD83D132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7E81A-1CFC-44BF-9C29-E802E19554B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF90F10B-64EA-4BFB-991F-11BD3192E2AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.2.14:fips:*:*:*:*:*:*",
"matchCriteriaId": "DF6024D5-4D55-4716-B788-92E406C84F83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41F28B-202A-4853-BE79-922CBE65E117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_mobility_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEC5D17-929C-4814-A021-3AC9251F6EA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame."
},
{
"lang": "es",
"value": "ArubaOS v3.3.1.x, v3.3.2.x, RN v3.1.x, v3.4.x y v3.3.2.x-FIPS en \"Aruba Mobility Controller\" (controlador de movilidad de Aruba) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del punto de acceso) a trav\u00e9s de \"Association Request management frame\" (paquetes de gesti\u00f3n de peticiones de asociaci\u00f3n) 802.11 malformados."
}
],
"id": "CVE-2009-3836",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37085"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36832"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3051"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7025607-CDA9-4A3A-BB64-93C2B5E77DBD",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de desbordamiento de b\u00fafer remoto en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37716",
"lastModified": "2024-11-21T06:15:47.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.533",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37887",
"lastModified": "2024-11-21T07:15:18.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.237",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en AirWave Client Service subyacente que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45616",
"lastModified": "2024-11-21T08:27:04.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.663",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE",
"versionEndExcluding": "6.4.4.25",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5",
"versionEndExcluding": "6.5.4.20",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A",
"versionEndExcluding": "8.5.0.13",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37719",
"lastModified": "2024-11-21T06:15:47.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.680",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37889",
"lastModified": "2024-11-21T07:15:19.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.307",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22762",
"lastModified": "2024-11-21T07:45:22.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.433",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:01
Severity ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-25611",
"lastModified": "2025-07-28T13:01:45.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-03-05T21:15:07.887",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 20:15
Modified
2025-03-24 21:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.6.0.0 | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB98F67-A6E1-43B3-BB2E-3700523FAC75",
"versionEndExcluding": "10.4.1.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB90E9-0029-4B54-91AA-8C4D7347F423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42398",
"lastModified": "2025-03-24T21:15:17.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T20:15:40.480",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F",
"versionEndExcluding": "8.7.0.0-2.3.0.7",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96",
"versionEndExcluding": "6.5.4.23",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468",
"versionEndExcluding": "8.6.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37902",
"lastModified": "2025-05-02T14:15:18.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.797",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E576744-779A-4260-A652-DDDC13253852",
"versionEndExcluding": "6.4.4.8-4.2.4.22",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB799D-F5E8-43A1-AF0A-37EF2C96EE4C",
"versionEndExcluding": "6.5.4.25",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72B488-0300-4E55-9E51-2A654B5FACE4",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA44337-4B77-4117-ADA1-8C3172A0BBED",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD7FEF-A76F-47B3-93D0-97FE246F4AF9",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-35981",
"lastModified": "2024-11-21T08:09:06.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.410",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento de b\u00fafer en el servicio de Comunicaciones Centrales subyacente que podr\u00edan conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31468",
"lastModified": "2025-06-24T14:15:27.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:08.870",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer en m\u00faltiples servicios subyacentes que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticado mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP de PAPI (protocolo de administraci\u00f3n de AP de Aruba Networks) (8211). Una explotaci\u00f3n con \u00e9xito de estas vulnerabilidades resulta en la capacidad de ejecutar c\u00f3digo arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37885",
"lastModified": "2024-11-21T07:15:18.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.067",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10 ,podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo de script arbitrario en el navegador de una v\u00edctima en el contexto de la interfaz afectada de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2022-37892",
"lastModified": "2024-11-21T07:15:19.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.497",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-24 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "226C7777-ECCC-49D2-8EB1-DD9EF57C90CC",
"versionEndIncluding": "6.2.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9792484-1C9D-4A94-8BC0-F3389388037A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83D0BE40-36C1-4177-A545-BC1F7435C1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A8B524-49C4-4069-9F08-795EE3ABEFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28256E-588F-4FB4-896A-15AF51F96992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2652D8B-C361-4349-B7FC-3C40BF0A3F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22013B3A-82E6-4960-9D6D-0BEF991153F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "923BCFD5-15F0-4088-9E24-7CA5626AAB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F73767C4-E464-430D-AE4D-80544CDD5023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "772E90DA-9454-4E4A-9E8E-82D9F6CCAFC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "779FF186-DBB8-4299-862F-81BAF411AF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFA43C9-68E3-4F6B-ACAD-38BB7E1CDB42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F76952D-23C9-44BD-A93B-4EA5E934F481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4E3800-202E-4599-8F9C-FA59A36006EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56CC06B0-0A1E-48CB-8C0E-77F287D7089F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "01B03A21-2068-4D87-BB91-23A2248450ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5F679BAD-2DD2-4C68-9972-719B00E1B985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E1847B-18D8-48B5-96AB-289B634D4E5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1043AAAB-7552-445A-ACDA-D09CDCC1CBC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28014EEA-14CC-4BC7-8762-D40E5C4BA9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9240A24-DDAD-4796-81DA-C884F6816628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "448B58B9-6693-4CF5-8E2A-686E62C6751A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D56FECAA-0C24-4F05-8782-08D9344BD177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76414368-D5D8-4A72-8314-2FF4B393763E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A40A06-AF71-4D9A-B2D5-4B0B3E29C602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C405B24F-ED7E-45C6-9752-0970B62BFE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51A1AACA-EACF-4E7B-A03D-7BD5875F421E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43D8D27F-7B6E-4444-950D-00EE3C739BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "33DE6F99-3E4E-4F54-90D3-FB542818C821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A183A679-A166-43A6-B087-42E836CB7F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "74B79D94-3A33-4FEB-A335-CE6E8A4C7DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "280CDEE1-4B4B-45B1-8D3F-0E115050F1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "48D60A7F-143A-4A99-8ABD-77C6EC60392D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14349-BACC-4A0C-A5AD-0EAA17E1F544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E02C8F-5161-4331-A2E7-1333AF9A0EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90646603-434E-498B-A4DF-4ABC8666CE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3AFA15-9EAF-4833-BE89-F9EB7E9C9B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:6.4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6184E5F6-A647-4A0C-9A96-F666D18F4053",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"RAP console\" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "La caracter\u00edstica \u0027RAP console\u0027 en ArubaOS 5.x hasta 6.2.x, 6.3.x anterior a 6.3.1.15, y 6.4.x anterior a 6.4.2.4 en los puntos de acceso de Aruba en el modo Remote Access Point (AP) permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1388",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-24T17:59:05.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el servicio de Comunicaciones Centrales subyacente que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31471",
"lastModified": "2025-06-24T15:15:22.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:09.753",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:11
Severity ?
Summary
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt | Vendor Advisory | |
| security-alert@hpe.com | https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEB8052-8974-4F8B-9C64-DCE9D7C76753",
"versionEndExcluding": "6.4.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5E9C2-A354-4F33-9D65-2A9FBDE6D085",
"versionEndExcluding": "6.5.4.13",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6448CB-1D2B-47A4-9F70-0CDBE4F35858",
"versionEndExcluding": "8.2.2.6",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F19B7F-1E7B-4C6E-AEB5-2755D10CA6CE",
"versionEndExcluding": "8.3.0.7",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5152AE7-9D5D-46D8-AC74-11CADDA2B366",
"versionEndExcluding": "8.4.0.3",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4420558-9318-4E4C-B607-952F2B9B95E3",
"versionEndExcluding": "8.5.0.0",
"versionStartIncluding": "8.4.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota est\u00e1 presente en los componentes de escucha de red en algunas versiones de ArubaOS. Un atacante con la capacidad de transmitir tr\u00e1fico IP especialmente dise\u00f1ado hacia un controlador de movilidad podr\u00eda explotar esta vulnerabilidad y causar un bloqueo del proceso o ejecutar c\u00f3digo arbitrario dentro del sistema operativo subyacente con todos los privilegios del sistema. Tal y como un ataque podr\u00eda conllevar a un compromiso total del sistema. La capacidad para transmitir tr\u00e1fico hacia una interfaz IP en el controlador de movilidad es requerida para llevar a cabo un ataque. El ataque aprovecha el protocolo PAPI (puerto UDP 8211). Si el controlador de movilidad est\u00e1 solo conectando el tr\u00e1fico L2 a un enlace ascendente y no tiene una direcci\u00f3n IP accesible para el atacante, no puede ser atacado."
}
],
"id": "CVE-2018-7081",
"lastModified": "2024-11-21T04:11:37.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-13T17:15:10.913",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F",
"versionEndExcluding": "8.7.0.0-2.3.0.7",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96",
"versionEndExcluding": "6.5.4.23",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468",
"versionEndExcluding": "8.6.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37898",
"lastModified": "2025-05-02T19:15:51.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.547",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\n\n"
},
{
"lang": "es",
"value": "Un atacante autenticado puede afectar la integridad del gestor de arranque de ArubaOS en los controladores de la serie 7xxx. Una explotaci\u00f3n exitosa puede comprometer la cadena de confianza del hardware en el controlador afectado."
}
],
"id": "CVE-2022-37908",
"lastModified": "2025-05-02T19:15:52.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.187",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"id": "CVE-2023-35973",
"lastModified": "2024-11-21T08:09:05.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.437",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba\u0027s Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en el servicio CLI al que accede PAPI (protocolo de gesti\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso afectado."
}
],
"id": "CVE-2024-31474",
"lastModified": "2025-06-24T16:15:24.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:10.560",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-463"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE",
"versionEndExcluding": "6.4.4.25",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5",
"versionEndExcluding": "6.5.4.20",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A",
"versionEndExcluding": "8.5.0.13",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37721",
"lastModified": "2024-11-21T06:15:48.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.773",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4898E07E-05BF-4673-B41E-151EEADE72B5",
"versionEndExcluding": "2.2.0.6",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543031ED-2E5A-4116-8715-AEE4C7E7E743",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.6; anteriores a 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37718",
"lastModified": "2024-11-21T06:15:47.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
},
{
"lang": "es",
"value": "Aruba ha identificado ciertas configuraciones de ArubaOS que pueden dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial de los ESSID configurados. Los escenarios en los que puede ocurrir la divulgaci\u00f3n de informaci\u00f3n potencialmente confidencial son complejos y dependen de factores que escapan al control de los atacantes."
}
],
"id": "CVE-2022-37909",
"lastModified": "2025-05-02T19:15:52.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.247",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n"
}
],
"id": "CVE-2023-22778",
"lastModified": "2025-03-07T21:15:14.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.657",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos no autenticada que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (Aruba Networks AP management protocol). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37897",
"lastModified": "2025-05-02T19:15:51.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.490",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Exploit, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E212ECA7-0194-4C9F-8E88-48C00B2627E8",
"versionEndExcluding": "8.5.0.11",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543031ED-2E5A-4116-8715-AEE4C7E7E743",
"versionEndExcluding": "8.6.0.7",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D134CB0-0E6F-4E28-9D75-2C46150A1620",
"versionEndExcluding": "8.7.1.1",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37733",
"lastModified": "2024-11-21T06:15:49.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:08.110",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 07:15
Severity ?
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| arubanetworks | instant | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B6376E-424F-4DBF-B00D-69C52E4B3E46",
"versionEndExcluding": "10.3.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F5A7C-442F-45A6-A149-2037042A1629",
"versionEndExcluding": "6.4.4.8-4.2.4.21",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A33DE52-E905-4EBD-BA56-1DC67B7DD9FD",
"versionEndExcluding": "6.5.4.24",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081502CC-38D4-46F9-85D0-3D1F701D5EE4",
"versionEndExcluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA3846D-54C5-4B92-86B6-6AC482C2B357",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32D91E1-3034-4E05-8FBA-98EF4562F3FE",
"versionEndExcluding": "8.10.0.2",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan vulnerabilidades de desbordamiento de b\u00fafer no autenticado en la interfaz de administraci\u00f3n web de Aruba InstantOS y ArubaOS versi\u00f3n 10. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8.6.x: 8.6. 0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad"
}
],
"id": "CVE-2022-37891",
"lastModified": "2024-11-21T07:15:19.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T18:15:21.430",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 14:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22763",
"lastModified": "2025-03-11T14:15:17.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.500",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en BLE Daemon Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45622",
"lastModified": "2024-11-21T08:27:05.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.660",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | sd-wan | - | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE",
"versionEndExcluding": "6.4.4.25",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3FC66C-10CD-461B-A269-1D5636D19787",
"versionEndExcluding": "6.5.4.19",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C10C5D56-D66D-4FAE-8FDA-6CF759F65215",
"versionEndExcluding": "8.7.1.3",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37729",
"lastModified": "2024-11-21T06:15:49.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:08.030",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22748",
"lastModified": "2025-03-07T21:15:13.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.493",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba Operating System Software versiones: anteriores a 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37723",
"lastModified": "2024-11-21T06:15:48.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.853",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial autenticada en el servicio CLI al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de leer archivos arbitrarios en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31483",
"lastModified": "2025-06-24T16:15:25.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:13.097",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 20:15
Modified
2024-08-23 15:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.6.0.0 | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB98F67-A6E1-43B3-BB2E-3700523FAC75",
"versionEndExcluding": "10.4.1.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB90E9-0029-4B54-91AA-8C4D7347F423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42400",
"lastModified": "2024-08-23T15:06:00.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T20:15:40.943",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-11 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22752",
"lastModified": "2025-03-11T14:15:17.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.760",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller."
}
],
"id": "CVE-2023-35979",
"lastModified": "2024-11-21T08:09:06.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.863",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CF160-4F83-452D-9BA5-E8DCA1A15ABB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E729365A-B367-474E-BD7D-8437AD47D9B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDD143-B396-4C58-9FB9-BA4C3B8B953E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD639D9E-2722-47EF-94F0-2CAF9E94EFD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47572BC-93F8-4E53-B2B7-E00855B59499",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80337C7-2A72-4E09-858B-0AA817D70746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "670224DA-CE4B-46BE-8B5C-2F310F7988B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B86FAE-2D7E-4B30-835A-C3D37A361A29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3DC2D-7C6E-4044-AAB7-75FA5451AA56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22769",
"lastModified": "2024-11-21T07:45:23.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.900",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31477",
"lastModified": "2025-06-24T16:15:25.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:11.423",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades en ArubaOS que se ejecutan en controladores de la serie 7xxx que permiten a un atacante ejecutar c\u00f3digo arbitrario durante la secuencia de inicio. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante lograr una modificaci\u00f3n permanente del sistema operativo subyacente."
}
],
"id": "CVE-2022-37905",
"lastModified": "2025-05-02T19:15:51.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.990",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de eliminaci\u00f3n arbitraria de archivos en AirWave Client Service al que accede PAPI (el protocolo de gesti\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso."
}
],
"id": "CVE-2023-45618",
"lastModified": "2024-11-21T08:27:04.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.997",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:44
Severity ?
Summary
A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37B1F206-D8A0-4460-AA94-5670A68EE27E",
"versionEndExcluding": "8.3.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos est\u00e1 presente en la interfaz de administraci\u00f3n web de ArubaOS, lo que permite a un usuario autenticado ejecutar comandos arbitrarios sobre el sistema operativo subyacente. Un administrador malicioso podr\u00eda utilizar esta capacidad para instalar puertas traseras (backdoors) o cambiar la configuraci\u00f3n del sistema de una manera tal que no se registrar\u00eda. Esta vulnerabilidad solo afecta a ArubaOS versi\u00f3n 8.x."
}
],
"id": "CVE-2019-5315",
"lastModified": "2024-11-21T04:44:44.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-13T17:15:12.193",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 18:15
Modified
2024-11-21 08:13
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - | |
| arubanetworks | 9240 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB9BE64-9455-46B2-80C8-BD9B88A8F372",
"versionEndExcluding": "8.6.0.22",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48293E3F-C6BD-4875-8C7A-67ED41B7C18D",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BF9E0D-630F-40B4-9109-560CA13C981B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u00a0allow an attacker to execute arbitrary code early in the boot\u00a0sequence. An attacker could exploit this vulnerability to\u00a0gain access to and change underlying sensitive information\u00a0in the affected controller leading to complete system\u00a0compromise."
},
{
"lang": "es",
"value": "Existen vulnerabilidades en la implementaci\u00f3n del BIOS de los Controladores y Gateways de las Series 9200 y 9000 de Aruba que podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario en las primeras etapas de la secuencia de inicio. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener acceso y cambiar informaci\u00f3n sensible subyacente en el controlador afectado, lo que comprometer\u00eda completamente el sistema."
}
],
"id": "CVE-2023-38485",
"lastModified": "2024-11-21T08:13:40.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T18:15:08.480",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 15:15
Modified
2024-11-21 08:09
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"id": "CVE-2023-35974",
"lastModified": "2024-11-21T08:09:05.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T15:15:09.507",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0103D83D-C5A8-4F59-B5AF-B6F39A3F613F",
"versionEndExcluding": "8.7.0.0-2.3.0.7",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174292ED-9C76-4815-8DBA-E83CB1A59E96",
"versionEndExcluding": "6.5.4.23",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D7A806-4AB8-49DD-91D0-E81E3B4FD468",
"versionEndExcluding": "8.6.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E4F019-F048-4E6C-9EC7-B9B6A776C246",
"versionEndExcluding": "8.7.1.10",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF010C-30AB-43D2-BAAB-813B869675FB",
"versionEndIncluding": "8.9.0.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos autenticadas en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37899",
"lastModified": "2025-05-02T19:15:51.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.617",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-31 20:15
Modified
2024-11-21 02:47
Severity ?
Summary
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | airwave | * | |
| arubanetworks | aruba_instant | * | |
| arubanetworks | aruba_instant | 4.2.3.1 | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF58E3A-491E-4E93-BB95-490E046D910B",
"versionEndExcluding": "8.2.0.0",
"versionStartIncluding": "",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E7368A-F76A-48A7-ACBA-E788A6A379B8",
"versionEndExcluding": "4.1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arubanetworks:aruba_instant:4.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6FAE29-7941-46AA-A36E-9E190B5DFD56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E1323A-9E36-4F30-BB17-E7A6C203B094",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en Aruba Instate versiones anteriores a 4.1.3.0 y 4.2.3.1, debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por el usuario y una comprobaci\u00f3n insuficiente de los par\u00e1metros, lo que podr\u00eda permitir a un usuario malicioso omitir las restricciones de seguridad, obtener informaci\u00f3n confidencial, llevar a cabo acciones no autorizadas y ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2016-2031",
"lastModified": "2024-11-21T02:47:39.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-31T20:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.securityfocus.com/bid/90207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.securityfocus.com/bid/90207"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-21 14:30
Modified
2025-04-09 00:30
Severity ?
Summary
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | aruba_mobility_controller | - | |
| arubanetworks | arubaos | 3.3.1.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_mobility_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864BE899-DE23-4C41-B17A-3218F6B2C11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C79BFC0F-08A2-49CE-BA64-249093C2BFC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s security documentation."
},
{
"lang": "es",
"value": "Aruba Mobility Controller con ArubaOS 3.3.1.16, y posiblemente otras versiones, instala por defecto el mismo certificado X.509 por defecto para todas las instalaciones, lo que permite a atacantes remotos eludir la autenticaci\u00f3n. NOTA: esto es s\u00f3lo una vulnerabilidad cuando el administrador no sigue las recomendaciones de la documentaci\u00f3n de seguridad del producto."
}
],
"id": "CVE-2008-7023",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-21T14:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51731"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496604/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496622/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496604/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496622/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31336"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234",
"versionEndExcluding": "10.4.1.4",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286",
"versionEndExcluding": "10.6.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
},
{
"lang": "es",
"value": "Existen vulnerabilidades en el Soft AP Daemon Service que podr\u00edan permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."
}
],
"id": "CVE-2024-42394",
"lastModified": "2024-08-12T18:23:19.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:56.830",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.3.0.0 | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA1F06-8C2E-4DB6-AE03-48B49ABD967E",
"versionEndIncluding": "8.9.03",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A36EB0-A525-4B05-B9CE-A31145A7157C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades en ArubaOS que se ejecutan en controladores de la serie 7xxx que permiten a un atacante ejecutar c\u00f3digo arbitrario durante la secuencia de inicio. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante lograr una modificaci\u00f3n permanente del sistema operativo subyacente."
}
],
"id": "CVE-2022-37904",
"lastModified": "2025-05-02T19:15:51.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:12.923",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-123"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22756",
"lastModified": "2024-11-21T07:45:21.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.033",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE",
"versionEndExcluding": "6.4.4.25",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5",
"versionEndExcluding": "6.5.4.20",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A",
"versionEndExcluding": "8.5.0.13",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37720",
"lastModified": "2024-11-21T06:15:47.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.723",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el servicio de comunicaciones centrales al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-31479",
"lastModified": "2025-06-24T16:15:25.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:11.997",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4898E07E-05BF-4673-B41E-151EEADE72B5",
"versionEndExcluding": "2.2.0.6",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.6; anteriores a 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37717",
"lastModified": "2024-11-21T06:15:47.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.593",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en RSSI Service al que accede PAPI (el protocolo de gesti\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso."
}
],
"id": "CVE-2023-45619",
"lastModified": "2024-11-21T08:27:04.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22757",
"lastModified": "2024-11-21T07:45:22.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.100",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en el servicio SAE (autenticaci\u00f3n simult\u00e1nea de iguales) subyacente que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31470",
"lastModified": "2025-06-24T14:15:27.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:09.443",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 23:15
Modified
2025-06-24 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de inyecci\u00f3n de comandos en el servicio Soft AP Daemon subyacente que podr\u00edan conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31472",
"lastModified": "2025-06-24T15:15:22.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T23:15:10.020",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal autenticada en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de la vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente."
}
],
"id": "CVE-2022-37906",
"lastModified": "2025-05-02T19:15:51.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.060",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"id": "CVE-2023-22759",
"lastModified": "2024-11-21T07:45:22.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.233",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 19:15
Severity ?
3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Summary
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF50C4E-038A-4120-BF86-05DF607C59CB",
"versionEndExcluding": "8.7.0.0-2.3.0.6",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49CE5580-518E-4CC8-894A-A78F476D6EC7",
"versionEndExcluding": "6.5.4.22",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A7807B-5AD1-4CE1-8974-772067778D97",
"versionEndExcluding": "8.6.0.17",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F077A2FC-EE0D-4D8F-A5E1-A1BE3285EFDD",
"versionEndExcluding": "8.7.1.9",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3B42F6-8255-411C-8E0D-9992F3C5F633",
"versionEndExcluding": "10.3.0.1",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.\n\n"
},
{
"lang": "es",
"value": "Debido a restricciones inadecuadas sobre entidades XML, existen m\u00faltiples vulnerabilidades en la interfaz de l\u00ednea de comandos de ArubaOS. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante autenticado recuperar archivos del sistema local o hacer que la aplicaci\u00f3n consuma recursos del sistema, lo que resultar\u00eda en una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."
}
],
"id": "CVE-2022-37911",
"lastModified": "2025-05-02T19:15:52.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:13.383",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"id": "CVE-2023-22760",
"lastModified": "2024-11-21T07:45:22.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.300",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2025-01-31 18:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22789",
"lastModified": "2025-01-31T18:15:32.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.503",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | 7005 | - | |
| arubanetworks | 7008 | - | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7024 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7025607-CDA9-4A3A-BB64-93C2B5E77DBD",
"versionEndExcluding": "8.3.0.15",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A8E4BB-BCA7-4ADA-AB8C-261B35FFF83F",
"versionEndExcluding": "8.5.0.12",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCACC080-B78C-4DC7-8D92-333D7ACB30D7",
"versionEndExcluding": "8.6.0.8",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CB4B7D-E78D-400F-B1B8-979D51776066",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4603220-61F1-4686-B55D-F9F5D27F324A",
"versionEndExcluding": "8.7.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de salto de ruta local en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37731",
"lastModified": "2024-11-21T06:15:49.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:08.070",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22750",
"lastModified": "2025-03-07T21:15:13.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.620",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234",
"versionEndExcluding": "10.4.1.4",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286",
"versionEndExcluding": "10.6.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en AP Certificate Management Service que podr\u00eda permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."
}
],
"id": "CVE-2024-42395",
"lastModified": "2024-08-12T18:23:57.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:57.017",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n"
}
],
"id": "CVE-2023-22777",
"lastModified": "2025-03-07T21:15:14.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:14.563",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BAB5F6-D00B-49DA-A9C9-26D19168185B",
"versionEndExcluding": "2.2.0.4",
"versionStartIncluding": "2.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453F3449-5019-47EB-9376-F8C7EBE5F6CE",
"versionEndExcluding": "6.4.4.25",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F859BC9-85CF-4C03-A651-625CD7C9FDB5",
"versionEndExcluding": "6.5.4.20",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5E45-FF52-4596-B261-AE05788A18E4",
"versionEndExcluding": "8.3.0.16",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A",
"versionEndExcluding": "8.5.0.13",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6032E8-9480-4323-BD48-B390716D2A28",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50A0F6-66FC-43CA-AA96-3498EC383052",
"versionEndExcluding": "8.7.1.4",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2021-37722",
"lastModified": "2024-11-21T06:15:48.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.813",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45614",
"lastModified": "2024-11-21T08:27:04.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.313",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45625",
"lastModified": "2024-11-21T08:27:05.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.243",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 20:15
Modified
2025-03-13 14:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.6.0.0 | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB98F67-A6E1-43B3-BB2E-3700523FAC75",
"versionEndExcluding": "10.4.1.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB90E9-0029-4B54-91AA-8C4D7347F423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42399",
"lastModified": "2025-03-13T14:15:30.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T20:15:40.717",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:02
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
"versionEndExcluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
"versionEndExcluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
"versionEndExcluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
"versionEndExcluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de eliminaci\u00f3n de archivos arbitraria en la CLI utilizada por ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda provocar condiciones de denegaci\u00f3n de servicio y afectar la integridad del controlador."
}
],
"id": "CVE-2024-25614",
"lastModified": "2025-07-28T13:02:14.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-05T21:15:08.473",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2025-03-07 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22751",
"lastModified": "2025-03-07T21:15:13.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.690",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 22:15
Modified
2025-06-24 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403",
"versionEndExcluding": "10.4.1.1",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B",
"versionEndExcluding": "10.5.1.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5",
"versionEndExcluding": "8.6.0.24",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A",
"versionEndExcluding": "8.10.0.11",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento de b\u00fafer en el servicio CLI subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2024-31466",
"lastModified": "2025-06-24T14:15:25.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T22:15:09.777",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-01 17:15
Modified
2025-07-28 12:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687598A9-2EB1-4E01-BC09-29C8D958FF84",
"versionEndIncluding": "8.10.0.10",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F5B363-53C1-4F6C-96FB-1D2040AB3799",
"versionEndIncluding": "8.11.2.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E2EB73-BD2F-4777-8892-A815287C67F8",
"versionEndIncluding": "10.4.1.0",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DB89D7-E1FA-4CF1-AB2E-F6A095988D76",
"versionEndIncluding": "10.5.1.0",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el servicio de administraci\u00f3n de AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del servicio afectado."
}
],
"id": "CVE-2024-33514",
"lastModified": "2025-07-28T12:51:27.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-01T17:15:36.673",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"id": "CVE-2023-22754",
"lastModified": "2024-11-21T07:45:21.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:12.897",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | sd-wan | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7940F80-A647-488F-95D7-FBBB46CD5100",
"versionEndIncluding": "8.7.0.0-2.3.0.8",
"versionStartIncluding": "8.7.0.0-2.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AF7A4D-4169-47A8-A6BD-70C2AEB5E199",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB80251-B38D-4145-89E8-FFBFB653D8A4",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"id": "CVE-2023-22761",
"lastModified": "2024-11-21T07:45:22.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:13.367",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Vendor Advisory | |
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| siemens | scalance_w1750d_firmware | - | |
| siemens | scalance_w1750d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A50569C-7B66-4B90-9D00-CA8F2C4256E6",
"versionEndIncluding": "6.5.4.20",
"versionStartIncluding": "6.1.3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A618CBDE-6769-4E08-B7FC-0D933F781086",
"versionEndExcluding": "8.8.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de tipo cross-site request forgery (csrf) en la(s) versi\u00f3n(es) de Aruba Operating System Software versiones: 6.x.x.x: todas las versiones, 8.x.x.x: todas las versiones anteriores a la 8.8.0.0. Aruba ha publicado parches para ArubaOS que solucionan esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2019-5318",
"lastModified": "2024-11-21T04:44:44.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.187",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45621",
"lastModified": "2024-11-21T08:27:04.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.497",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B85D7A28-8CBA-4D77-AD30-DB3CA49F2F98",
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0FC411C9-9A8A-49D0-B704-2207674778CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
"matchCriteriaId": "B2F3699A-38E4-4E9D-9414-411F71D9E371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54DF7A22-DF8B-4272-8EC6-48173E8860B8",
"versionEndExcluding": "r21.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "810B05A3-29CF-464F-9E63-8238AA0651AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22159717-67FD-4A10-9F65-4434FEC1F922",
"versionEndExcluding": "r24.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1FDAD-C594-43D9-9BF6-F7461177AB91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5454038C-F1F0-4061-8B5C-04A8CF1658C6",
"versionEndExcluding": "3.10.0.55",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF744446-5C60-4C66-BE6B-DD108487B46C",
"versionEndExcluding": "jimmy-al00ac00b135",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B543AF24-5D59-4A46-AC76-0EFF314E3D1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E861FF18-4E42-4092-81B6-0BB32679B2CF",
"versionEndIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DED50F-C1ED-43EB-9E63-B65F4F287F41",
"versionEndExcluding": "4.16.13m",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F144E5-EFB1-47E7-A2D2-28DEE6045CF6",
"versionEndExcluding": "4.17.8m",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1A3AF8-D105-4F13-8921-D94DCC7DE1AF",
"versionEndIncluding": "4.18.4.2f",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63C108C5-0EF5-4C6D-8D83-ADB5EED24A6F",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "284DF779-D900-48B4-A177-7281CD445AB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25B682B-83F5-4903-9138-16907DC7A859",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB9921A-5204-40A3-88AB-B7755F5C6875",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B2D681-1FBF-4013-B223-9878F4F1DB27",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE55F796-FA73-4992-9826-57A00F77F6CA",
"versionEndExcluding": "6.5.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE6B116-71BB-49BF-A5EF-4460D9089511",
"versionEndExcluding": "6.3.1.25",
"versionStartIncluding": "6.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "193354A0-B108-4CA4-A1C3-F5F23147A295",
"versionEndExcluding": "6.4.4.16",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D1AB4F-0922-49AF-9AE5-AEB4019E652C",
"versionEndExcluding": "6.5.1.9",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5D03FA-CE4E-4888-88E2-384986A890BA",
"versionEndExcluding": "6.5.3.3",
"versionStartIncluding": "6.5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E39B25F2-C65B-457F-A36E-14FC8285A004",
"versionEndExcluding": "6.5.4.2",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E53FE9-EA96-456A-B522-FC81DD0CCE3E",
"versionEndExcluding": "8.1.0.4",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46261C28-E276-4639-BA3D-A735B02599F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01527614-8A68-48DC-B0A0-F4AA99489221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65372FA7-B54B-4298-99BF-483E9FEBA253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D04EA1A-F8E0-415B-8786-1C8C0F08E132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegaci\u00f3n de servicio (cierre inesperado) o ejecutar c\u00f3digo arbitrario utilizando una respuesta DNS manipulada."
}
],
"id": "CVE-2017-14491",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-04T01:29:02.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"source": "cve@mitre.org",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-27 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | aruba_mobility_controller | * | |
| arubanetworks | arubaos | 3.3.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:aruba_mobility_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEC5D17-929C-4814-A021-3AC9251F6EA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:3.3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF90F10B-64EA-4BFB-991F-11BD3192E2AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB."
},
{
"lang": "es",
"value": "Demonio en ArubaOS v3.3.2.6 en Aruba Mobility Controller no restringe el acceso SNMP, lo que permite a los atacantes remotos (1) leer todas las cadenas de caracteres SNMP de la comunidad a trav\u00e9s SNMP-COMMUNITY-MIB::snmpCommunityName (v1.3.6.1.6.3.18.1.1.1.2) o SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (v1.3.6.1.6.3.16.1.2.1.3) con conocimiento de una cadena de caracteres de la comunidad, y (2) leer SNMPv3 nombres de usuario a trav\u00e9s SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB."
}
],
"id": "CVE-2008-7095",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-27T18:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51916"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498033/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498033/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-22752 (GCVE-0-2023-22752)
Vulnerability from cvelistv5
Published
2023-02-28 16:30
Modified
2025-03-11 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:08:46.233271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:08:57.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22752",
"datePublished": "2023-02-28T16:30:06.487Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-11T14:08:57.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22768 (GCVE-0-2023-22768)
Vulnerability from cvelistv5
Published
2023-02-28 16:49
Modified
2025-03-07 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:03:00.783625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:03:15.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22768",
"datePublished": "2023-02-28T16:49:39.531Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2025-03-07T18:03:15.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38485 (GCVE-0-2023-38485)
Vulnerability from cvelistv5
Published
2023-09-06 17:47
Modified
2024-09-30 16:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | 9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways |
Version: ArubaOS 10.4.x.x ≤ <=10.4.0.1 Version: ArubaOS 8.11.x.x ≤ <=8.11.1.0 Version: ArubaOS 8.10.x.x ≤ <=8.10.0.6 Version: ArubaOS 8.6.x.x ≤ <=8.6.0.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hewlett_packard_enterprise:9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan",
"vendor": "hewlett_packard_enterprise",
"versions": [
{
"lessThanOrEqual": "8.11.1.0",
"status": "affected",
"version": "aruba-os_8.11.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.0.1",
"status": "affected",
"version": "aruba-os_10.4.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.6",
"status": "affected",
"version": "aruba-os_8.10.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.21",
"status": "affected",
"version": "aruba-os_8.11.x.x",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T16:15:14.407752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T16:18:23.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=10.4.0.1",
"status": "affected",
"version": "ArubaOS 10.4.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.11.1.0",
"status": "affected",
"version": "ArubaOS 8.11.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.6",
"status": "affected",
"version": "ArubaOS 8.10.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.6.0.21",
"status": "affected",
"version": "ArubaOS 8.6.x.x",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u0026nbsp;allow an attacker to execute arbitrary code early in the boot\u0026nbsp;sequence. An attacker could exploit this vulnerability to\u0026nbsp;gain access to and change underlying sensitive information\u0026nbsp;in the affected controller leading to complete system\u0026nbsp;compromise."
}
],
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u00a0allow an attacker to execute arbitrary code early in the boot\u00a0sequence. An attacker could exploit this vulnerability to\u00a0gain access to and change underlying sensitive information\u00a0in the affected controller leading to complete system\u00a0compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T17:47:29.963Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38485",
"datePublished": "2023-09-06T17:47:29.963Z",
"dateReserved": "2023-07-18T14:34:27.165Z",
"dateUpdated": "2024-09-30T16:18:23.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35975 (GCVE-0-2023-35975)
Vulnerability from cvelistv5
Published
2023-07-05 14:46
Modified
2024-12-04 15:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:39:28.929227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:39:41.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the\u0026nbsp;ArubaOS command line interface. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to delete arbitrary\u0026nbsp;files in the underlying operating system."
}
],
"value": "An authenticated path traversal vulnerability exists in the\u00a0ArubaOS command line interface. Successful exploitation of\u00a0this vulnerability results in the ability to delete arbitrary\u00a0files in the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:46:49.679Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35975",
"datePublished": "2023-07-05T14:46:49.679Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-12-04T15:39:41.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22773 (GCVE-0-2023-22773)
Vulnerability from cvelistv5
Published
2023-02-28 16:56
Modified
2025-03-07 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:44:50.994860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:45:09.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22773",
"datePublished": "2023-02-28T16:56:44.883Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2025-03-07T20:45:09.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31466 (GCVE-0-2024-31466)
Vulnerability from cvelistv5
Published
2024-05-14 22:04
Modified
2025-06-24 13:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:28.594103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:50:31.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:07:43.461Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31466",
"datePublished": "2024-05-14T22:04:39.665Z",
"dateReserved": "2024-04-03T21:21:22.896Z",
"dateUpdated": "2025-06-24T13:07:43.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22762 (GCVE-0-2023-22762)
Vulnerability from cvelistv5
Published
2023-02-28 16:46
Modified
2025-03-12 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:04:21.287180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:21:36.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22762",
"datePublished": "2023-02-28T16:46:03.890Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-12T16:21:36.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45624 (GCVE-0-2023-45624)
Vulnerability from cvelistv5
Published
2023-11-14 22:57
Modified
2025-02-27 18:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:30:47.657923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:31:57.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:57:05.727Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45624",
"datePublished": "2023-11-14T22:57:05.727Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2025-02-27T18:31:57.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31480 (GCVE-0-2024-31480)
Vulnerability from cvelistv5
Published
2024-05-14 22:34
Modified
2025-06-24 15:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:42:01.200373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:01:00.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:19:49.638Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31480",
"datePublished": "2024-05-14T22:34:42.949Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:19:49.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31479 (GCVE-0-2024-31479)
Vulnerability from cvelistv5
Published
2024-05-14 22:33
Modified
2025-06-24 15:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:25:35.184663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:00:39.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:17:14.638Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31479",
"datePublished": "2024-05-14T22:33:38.302Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:17:14.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37904 (GCVE-0-2022-37904)
Vulnerability from cvelistv5
Published
2022-11-03 19:13
Modified
2025-05-02 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:50:11.056519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:50:48.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\u003c/p\u003e"
}
],
"value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37904",
"datePublished": "2022-11-03T19:13:52.272Z",
"dateReserved": "2022-08-08T18:45:22.551Z",
"dateUpdated": "2025-05-02T18:50:48.433Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31478 (GCVE-0-2024-31478)
Vulnerability from cvelistv5
Published
2024-05-14 22:32
Modified
2025-06-24 15:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:41:22.094004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:00:19.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:01:43.100Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31478",
"datePublished": "2024-05-14T22:32:51.129Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:01:43.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37719 (GCVE-0-2021-37719)
Vulnerability from cvelistv5
Published
2021-09-07 12:06
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T12:06:35",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37719",
"datePublished": "2021-09-07T12:06:35",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37728 (GCVE-0-2021-37728)
Vulnerability from cvelistv5
Published
2021-09-07 12:36
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote path traversal
Summary
A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Operating System Software |
Version: Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:15",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37728",
"datePublished": "2021-09-07T12:36:38",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:30:08.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22787 (GCVE-0-2023-22787)
Vulnerability from cvelistv5
Published
2023-05-08 14:07
Modified
2025-01-31 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:05:05.306424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:05:29.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u0026nbsp;by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to interrupt the\u0026nbsp;normal operation of the affected access point."
}
],
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:07:18.315Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22787",
"datePublished": "2023-05-08T14:07:00.289Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2025-01-31T18:05:29.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22790 (GCVE-0-2023-22790)
Vulnerability from cvelistv5
Published
2023-05-08 14:08
Modified
2025-01-31 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:02:42.767154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:03:17.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
}
],
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:08:43.190Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22790",
"datePublished": "2023-05-08T14:08:43.190Z",
"dateReserved": "2023-01-06T15:24:20.511Z",
"dateUpdated": "2025-01-31T18:03:17.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33518 (GCVE-0-2024-33518)
Vulnerability from cvelistv5
Published
2024-05-01 16:35
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 10.5.x.x: 10.5.1.0 and below Version: ArubaOS 10.4.x.x: 10.4.1.0 and below Version: ArubaOS 8.11.x.x: 8.11.2.1 and below Version: ArubaOS 8.10.x.x: 8.10.0.10 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T18:22:15.479168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:57:11.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:03.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:35:09.048Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-33518",
"datePublished": "2024-05-01T16:35:09.048Z",
"dateReserved": "2024-04-23T14:21:30.435Z",
"dateUpdated": "2024-08-02T02:36:03.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37901 (GCVE-0-2022-37901)
Vulnerability from cvelistv5
Published
2022-11-03 19:00
Modified
2025-05-02 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:51:07.371531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:51:19.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37901",
"datePublished": "2022-11-03T19:00:12.293Z",
"dateReserved": "2022-08-08T18:45:22.550Z",
"dateUpdated": "2025-05-02T18:51:19.450Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37892 (GCVE-0-2022-37892)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Stored Cross-Site Scripting
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37892",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37890 (GCVE-0-2022-37890)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Buffer Overflow
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37890",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22770 (GCVE-0-2023-22770)
Vulnerability from cvelistv5
Published
2023-02-28 16:51
Modified
2025-03-07 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:01:22.677650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:01:36.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22770",
"datePublished": "2023-02-28T16:51:02.255Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2025-03-07T18:01:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22772 (GCVE-0-2023-22772)
Vulnerability from cvelistv5
Published
2023-02-28 16:55
Modified
2025-03-07 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:45:25.359581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:45:37.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22772",
"datePublished": "2023-02-28T16:55:26.690Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2025-03-07T20:45:37.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37722 (GCVE-0-2021-37722)
Vulnerability from cvelistv5
Published
2021-09-07 12:09
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:39",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37722",
"datePublished": "2021-09-07T12:09:31",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24633 (GCVE-0-2020-24633)
Vulnerability from cvelistv5
Published
2020-12-11 01:26
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote buffer overflow
Summary
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | Aruba 9000 Gateway |
Version: 2.1.0.1 Version: 2.2.0.0 and below |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba 9000 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.0.1"
},
{
"status": "affected",
"version": "2.2.0.0 and below"
}
]
},
{
"product": "Aruba 7000 Series Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.4.4.23"
},
{
"status": "affected",
"version": "6.5.4.17"
},
{
"status": "affected",
"version": "8.2.2.9"
},
{
"status": "affected",
"version": "8.3.0.13"
},
{
"status": "affected",
"version": "8.5.0.10"
},
{
"status": "affected",
"version": "8.6.0.5"
},
{
"status": "affected",
"version": "8.7.0.0 and below"
}
]
},
{
"product": "Aruba 7200 Series Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.4.4.23"
},
{
"status": "affected",
"version": "6.5.4.17"
},
{
"status": "affected",
"version": "8.2.2.9"
},
{
"status": "affected",
"version": "8.3.0.13"
},
{
"status": "affected",
"version": "8.5.0.10"
},
{
"status": "affected",
"version": "8.6.0.5"
},
{
"status": "affected",
"version": "8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T01:26:14",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba 9000 Gateway",
"version": {
"version_data": [
{
"version_value": "2.1.0.1"
},
{
"version_value": "2.2.0.0 and below"
}
]
}
},
{
"product_name": "Aruba 7000 Series Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "6.4.4.23"
},
{
"version_value": "6.5.4.17"
},
{
"version_value": "8.2.2.9"
},
{
"version_value": "8.3.0.13"
},
{
"version_value": "8.5.0.10"
},
{
"version_value": "8.6.0.5"
},
{
"version_value": "8.7.0.0 and below"
}
]
}
},
{
"product_name": "Aruba 7200 Series Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "6.4.4.23"
},
{
"version_value": "6.5.4.17"
},
{
"version_value": "8.2.2.9"
},
{
"version_value": "8.3.0.13"
},
{
"version_value": "8.5.0.10"
},
{
"version_value": "8.6.0.5"
},
{
"version_value": "8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24633",
"datePublished": "2020-12-11T01:26:14",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22774 (GCVE-0-2023-22774)
Vulnerability from cvelistv5
Published
2023-02-28 16:57
Modified
2025-03-07 20:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:44:22.826933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:44:36.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22774",
"datePublished": "2023-02-28T16:57:05.728Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2025-03-07T20:44:36.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35974 (GCVE-0-2023-35974)
Vulnerability from cvelistv5
Published
2023-07-05 14:45
Modified
2024-12-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:39:54.939542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:40:07.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in\u0026nbsp;the ArubaOS command line interface. Successful exploitation\u0026nbsp;of these vulnerabilities result in the ability to execute\u0026nbsp;arbitrary commands as a privileged user on the underlying\u0026nbsp;operating system."
}
],
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:45:43.215Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35974",
"datePublished": "2023-07-05T14:45:43.215Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-12-04T15:40:07.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22754 (GCVE-0-2023-22754)
Vulnerability from cvelistv5
Published
2023-02-28 16:34
Modified
2025-03-07 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:11:13.108556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:11:24.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:52:44.784Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22754",
"datePublished": "2023-02-28T16:34:48.324Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:11:24.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42395 (GCVE-0-2024-42395)
Vulnerability from cvelistv5
Published
2024-08-06 18:56
Modified
2024-08-08 14:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:51:10.591351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:47:07.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:44.319Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42395",
"datePublished": "2024-08-06T18:56:05.348Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-08T14:47:07.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42399 (GCVE-0-2024-42399)
Vulnerability from cvelistv5
Published
2024-08-06 19:48
Modified
2025-03-13 13:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:27:21.784664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:37:13.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:48:07.255Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42399",
"datePublished": "2024-08-06T19:48:07.255Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-13T13:37:13.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22777 (GCVE-0-2023-22777)
Vulnerability from cvelistv5
Published
2023-02-28 17:04
Modified
2025-03-07 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:43:05.260386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:43:18.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\u003cbr\u003e"
}
],
"value": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Information Disclosure in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22777",
"datePublished": "2023-02-28T17:04:20.522Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2025-03-07T20:43:18.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31471 (GCVE-0-2024-31471)
Vulnerability from cvelistv5
Published
2024-05-14 22:27
Modified
2025-06-24 14:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:32.598112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:53:13.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T14:26:02.859Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31471",
"datePublished": "2024-05-14T22:27:21.146Z",
"dateReserved": "2024-04-03T21:21:22.896Z",
"dateUpdated": "2025-06-24T14:26:02.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37908 (GCVE-0-2022-37908)
Vulnerability from cvelistv5
Published
2022-11-03 19:29
Modified
2025-05-02 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:46:39.636601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:46:42.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\u003c/p\u003e"
}
],
"value": "An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37908",
"datePublished": "2022-11-03T19:29:32.777Z",
"dateReserved": "2022-08-08T18:45:22.552Z",
"dateUpdated": "2025-05-02T18:46:42.712Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37910 (GCVE-0-2022-37910)
Vulnerability from cvelistv5
Published
2022-11-03 19:34
Modified
2025-05-02 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:45:26.563789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:45:29.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37910",
"datePublished": "2022-11-03T19:34:02.983Z",
"dateReserved": "2022-08-08T18:45:22.552Z",
"dateUpdated": "2025-05-02T18:45:29.455Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37911 (GCVE-0-2022-37911)
Vulnerability from cvelistv5
Published
2022-11-03 19:36
Modified
2025-05-02 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:44:52.183497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:45:02.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.\u003c/p\u003e"
}
],
"value": "Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37911",
"datePublished": "2022-11-03T19:36:47.596Z",
"dateReserved": "2022-08-08T18:45:22.552Z",
"dateUpdated": "2025-05-02T18:45:02.339Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37903 (GCVE-0-2022-37903)
Vulnerability from cvelistv5
Published
2022-11-03 19:11
Modified
2025-05-02 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T15:01:55.465945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T15:02:16.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.\u003c/p\u003e"
}
],
"value": "A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37903",
"datePublished": "2022-11-03T19:11:02.155Z",
"dateReserved": "2022-08-08T18:45:22.550Z",
"dateUpdated": "2025-05-02T15:02:16.533Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22756 (GCVE-0-2023-22756)
Vulnerability from cvelistv5
Published
2023-02-28 16:36
Modified
2025-03-07 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:09:49.418954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:10:01.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:53:05.813Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22756",
"datePublished": "2023-02-28T16:36:32.538Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:10:01.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37891 (GCVE-0-2022-37891)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Buffer Overflow
Summary
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37891",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37723 (GCVE-0-2021-37723)
Vulnerability from cvelistv5
Published
2021-09-07 12:10
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Operating System Software |
Version: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:33",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37723",
"datePublished": "2021-09-07T12:10:48",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42394 (GCVE-0-2024-42394)
Vulnerability from cvelistv5
Published
2024-08-06 18:57
Modified
2024-08-07 14:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:aruba_networking_instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_networking_instantos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:58:43.755424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:27:21.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:43:44.092Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42394",
"datePublished": "2024-08-06T18:57:23.377Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-07T14:27:21.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22759 (GCVE-0-2023-22759)
Vulnerability from cvelistv5
Published
2023-02-28 16:41
Modified
2025-03-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:06:18.519310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:06:32.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22759",
"datePublished": "2023-02-28T16:41:28.980Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:06:32.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22749 (GCVE-0-2023-22749)
Vulnerability from cvelistv5
Published
2023-02-28 16:05
Modified
2025-03-07 20:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:48:27.315575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:48:40.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22749",
"datePublished": "2023-02-28T16:05:47.658Z",
"dateReserved": "2023-01-06T15:24:20.502Z",
"dateUpdated": "2025-03-07T20:48:40.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45618 (GCVE-0-2023-45618)
Vulnerability from cvelistv5
Published
2023-11-14 22:51
Modified
2024-08-30 17:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:21:51.728265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:22:01.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\u003c/p\u003e"
}
],
"value": "There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:51:37.343Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45618",
"datePublished": "2023-11-14T22:51:37.343Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:22:01.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22750 (GCVE-0-2023-22750)
Vulnerability from cvelistv5
Published
2023-02-28 16:09
Modified
2025-03-07 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:47:16.257900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:47:28.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22750",
"datePublished": "2023-02-28T16:09:16.831Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-07T20:47:28.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33517 (GCVE-0-2024-33517)
Vulnerability from cvelistv5
Published
2024-05-01 16:33
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 10.5.x.x: 10.5.1.0 and below Version: ArubaOS 10.4.x.x: 10.4.1.0 and below Version: ArubaOS 8.11.x.x: 8.11.2.1 and below Version: ArubaOS 8.10.x.x: 8.10.0.10 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:04:56.018072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:56:47.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:33:15.277Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-33517",
"datePublished": "2024-05-01T16:33:15.277Z",
"dateReserved": "2024-04-23T14:21:30.435Z",
"dateUpdated": "2024-08-02T02:36:04.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38484 (GCVE-0-2023-38484)
Vulnerability from cvelistv5
Published
2023-09-06 17:47
Modified
2024-09-30 16:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | 9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways |
Version: ArubaOS 10.4.x.x ≤ <=10.4.0.1 Version: ArubaOS 8.11.x.x ≤ <=8.11.1.0 Version: ArubaOS 8.10.x.x ≤ <=8.10.0.6 Version: ArubaOS 8.6.x.x ≤ <=8.6.0.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hewlett_packard_enterprise:9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "9200_series_mobility_controllers_and_sd-wan_gateways_9000_series_mobility_controllers_and_sd-wan",
"vendor": "hewlett_packard_enterprise",
"versions": [
{
"lessThanOrEqual": "10.4.0.1",
"status": "affected",
"version": "aruba-os-10.4.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.1.0",
"status": "affected",
"version": "aruba-os-8.11.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.6",
"status": "affected",
"version": "aruba-os-8.10.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.21",
"status": "affected",
"version": "aruba-os-8.6.x.x",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:56:14.032327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T16:07:54.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=10.4.0.1",
"status": "affected",
"version": "ArubaOS 10.4.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.11.1.0",
"status": "affected",
"version": "ArubaOS 8.11.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.6",
"status": "affected",
"version": "ArubaOS 8.10.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.6.0.21",
"status": "affected",
"version": "ArubaOS 8.6.x.x",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u0026nbsp;allow an attacker to execute arbitrary code early in the boot\u0026nbsp;sequence. An attacker could exploit this vulnerability to\u0026nbsp;gain access to and change underlying sensitive information\u0026nbsp;in the affected controller leading to complete system\u0026nbsp;compromise."
}
],
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u00a0allow an attacker to execute arbitrary code early in the boot\u00a0sequence. An attacker could exploit this vulnerability to\u00a0gain access to and change underlying sensitive information\u00a0in the affected controller leading to complete system\u00a0compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T17:47:18.689Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38484",
"datePublished": "2023-09-06T17:47:18.689Z",
"dateReserved": "2023-07-18T14:34:27.164Z",
"dateUpdated": "2024-09-30T16:07:54.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22769 (GCVE-0-2023-22769)
Vulnerability from cvelistv5
Published
2023-02-28 16:50
Modified
2025-03-07 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:02:08.603200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:02:27.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22769",
"datePublished": "2023-02-28T16:50:46.657Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2025-03-07T18:02:27.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37902 (GCVE-0-2022-37902)
Vulnerability from cvelistv5
Published
2022-11-03 19:05
Modified
2025-05-02 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T13:53:03.753281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T13:53:30.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37902",
"datePublished": "2022-11-03T19:05:52.628Z",
"dateReserved": "2022-08-08T18:45:22.550Z",
"dateUpdated": "2025-05-02T13:53:30.511Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37893 (GCVE-0-2022-37893)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authenticated Remote Command Execution
Summary
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37893",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5314 (GCVE-0-2019-5314)
Vulnerability from cvelistv5
Published
2019-09-13 16:49
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- HTTP Response Splitting (CRLF injection) and Reflected XSS
Summary
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Mobility Controllers |
Version: Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP Response Splitting (CRLF injection) and Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T16:49:38",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Response Splitting (CRLF injection) and Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5314",
"datePublished": "2019-09-13T16:49:38",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22775 (GCVE-0-2023-22775)
Vulnerability from cvelistv5
Published
2023-02-28 16:58
Modified
2025-03-07 20:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:43:59.055383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:44:09.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\u003cbr\u003e"
}
],
"value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22775",
"datePublished": "2023-02-28T16:58:34.249Z",
"dateReserved": "2023-01-06T15:24:20.508Z",
"dateUpdated": "2025-03-07T20:44:09.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22751 (GCVE-0-2023-22751)
Vulnerability from cvelistv5
Published
2023-02-28 16:28
Modified
2025-03-07 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:45:54.194197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:46:05.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22751",
"datePublished": "2023-02-28T16:28:42.105Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-07T20:46:05.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2031 (GCVE-0-2016-2031)
Vulnerability from cvelistv5
Published
2020-01-31 19:33
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/90207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T12:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/90207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"name": "http://seclists.org/fulldisclosure/2016/May/19",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt",
"refsource": "MISC",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
},
{
"name": "https://www.securityfocus.com/bid/90207",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/90207"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2031",
"datePublished": "2020-01-31T19:33:12",
"dateReserved": "2016-01-22T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25614 (GCVE-0-2024-25614)
Vulnerability from cvelistv5
Published
2024-03-05 20:19
Modified
2024-10-29 20:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:13:05.103424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:21:27.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \u003c/p\u003e"
}
],
"value": "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:19:09.850Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25614",
"datePublished": "2024-03-05T20:19:09.850Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2024-10-29T20:21:27.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45614 (GCVE-0-2023-45614)
Vulnerability from cvelistv5
Published
2023-11-14 22:43
Modified
2024-08-14 19:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.4.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instantos",
"vendor": "hp",
"versions": [
{
"lessThanOrEqual": "8.11.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.10.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.6.0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:52:03.555183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:16:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:43:30.222Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45614",
"datePublished": "2023-11-14T22:43:30.222Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-14T19:16:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31473 (GCVE-0-2024-31473)
Vulnerability from cvelistv5
Published
2024-05-14 22:29
Modified
2025-06-24 15:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:19.151899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:58:45.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:11:19.420Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31473",
"datePublished": "2024-05-14T22:29:11.994Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:11:19.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37889 (GCVE-0-2022-37889)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37889",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37887 (GCVE-0-2022-37887)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37887",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37894 (GCVE-0-2022-37894)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Denial of Service (DoS)
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37894",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45623 (GCVE-0-2023-45623)
Vulnerability from cvelistv5
Published
2023-11-14 22:56
Modified
2024-08-30 17:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:07:25.556573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:07:44.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:56:19.989Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45623",
"datePublished": "2023-11-14T22:56:19.989Z",
"dateReserved": "2023-10-09T16:22:24.803Z",
"dateUpdated": "2024-08-30T17:07:44.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42398 (GCVE-0-2024-42398)
Vulnerability from cvelistv5
Published
2024-08-06 19:37
Modified
2025-03-24 21:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:49:16.243921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T21:04:59.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:38:53.191Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42398",
"datePublished": "2024-08-06T19:37:12.816Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-24T21:04:59.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7081 (GCVE-0-2018-7081)
Vulnerability from cvelistv5
Published
2019-09-13 16:49
Modified
2024-08-05 06:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote code execution
Summary
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Mobility Controllers |
Version: Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T19:00:10",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
},
{
"name": "https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/",
"refsource": "MISC",
"url": "https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2018-7081",
"datePublished": "2019-09-13T16:49:09",
"dateReserved": "2018-02-15T00:00:00",
"dateUpdated": "2024-08-05T06:17:17.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25616 (GCVE-0-2024-25616)
Vulnerability from cvelistv5
Published
2024-03-05 20:20
Modified
2024-11-07 17:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:07:21.258099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:05:17.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aruba Engineering"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\u003c/p\u003e"
}
],
"value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:20:35.905Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25616",
"datePublished": "2024-03-05T20:20:35.905Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2024-11-07T17:05:17.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22758 (GCVE-0-2023-22758)
Vulnerability from cvelistv5
Published
2023-02-28 16:40
Modified
2025-03-07 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:07:46.963631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:07:58.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22758",
"datePublished": "2023-02-28T16:40:37.916Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:07:58.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37733 (GCVE-0-2021-37733)
Vulnerability from cvelistv5
Published
2021-09-07 12:38
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote path traversal
Summary
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:07.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:26",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37733",
"datePublished": "2021-09-07T12:38:54",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:30:07.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45619 (GCVE-0-2023-45619)
Vulnerability from cvelistv5
Published
2023-11-14 22:52
Modified
2024-08-30 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:20:36.623786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:20:52.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\u003c/p\u003e"
}
],
"value": "There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:52:19.138Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45619",
"datePublished": "2023-11-14T22:52:19.138Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:20:52.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45622 (GCVE-0-2023-45622)
Vulnerability from cvelistv5
Published
2023-11-14 22:55
Modified
2024-08-12 14:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T14:37:37.416117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T14:39:21.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:55:20.319Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45622",
"datePublished": "2023-11-14T22:55:20.319Z",
"dateReserved": "2023-10-09T16:22:24.803Z",
"dateUpdated": "2024-08-12T14:39:21.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35979 (GCVE-0-2023-35979)
Vulnerability from cvelistv5
Published
2023-07-05 14:50
Modified
2024-12-04 15:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:35:07.055934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:36:27.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "the technical staff at Northwestern University"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an unauthenticated buffer overflow vulnerability\u0026nbsp;in the process controlling the ArubaOS web-based management\u0026nbsp;interface. Successful exploitation of this vulnerability\u0026nbsp;results in a Denial-of-Service (DoS) condition affecting the\u0026nbsp;web-based management interface of the controller."
}
],
"value": "There is an unauthenticated buffer overflow vulnerability\u00a0in the process controlling the ArubaOS web-based management\u00a0interface. Successful exploitation of this vulnerability\u00a0results in a Denial-of-Service (DoS) condition affecting the\u00a0web-based management interface of the controller."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:50:10.736Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35979",
"datePublished": "2023-07-05T14:50:10.736Z",
"dateReserved": "2023-06-20T18:41:22.738Z",
"dateUpdated": "2024-12-04T15:36:27.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37896 (GCVE-0-2022-37896)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Reflected Cross-Site Scripting
Summary
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37896",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25613 (GCVE-0-2024-25613)
Vulnerability from cvelistv5
Published
2024-03-05 20:17
Modified
2024-08-01 23:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.1",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.0.3",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.9",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25613",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:45:17.341453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:16:02.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:17:55.396Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25613",
"datePublished": "2024-03-05T20:17:55.396Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2024-08-01T23:44:09.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37907 (GCVE-0-2022-37907)
Vulnerability from cvelistv5
Published
2022-11-03 19:22
Modified
2025-05-02 18:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:47:22.121277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:47:27.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \u003c/p\u003e"
}
],
"value": "A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37907",
"datePublished": "2022-11-03T19:22:49.990Z",
"dateReserved": "2022-08-08T18:45:22.551Z",
"dateUpdated": "2025-05-02T18:47:27.199Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22748 (GCVE-0-2023-22748)
Vulnerability from cvelistv5
Published
2023-02-28 15:59
Modified
2025-03-07 21:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:03:48.350282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:04:02.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"value": "\nThere are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22748",
"datePublished": "2023-02-28T15:59:17.666Z",
"dateReserved": "2023-01-06T15:24:20.502Z",
"dateUpdated": "2025-03-07T21:04:02.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22767 (GCVE-0-2023-22767)
Vulnerability from cvelistv5
Published
2023-02-28 16:49
Modified
2025-03-11 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:21:47.550743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:22:01.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22767",
"datePublished": "2023-02-28T16:49:03.354Z",
"dateReserved": "2023-01-06T15:24:20.506Z",
"dateUpdated": "2025-03-11T14:22:01.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35971 (GCVE-0-2023-35971)
Vulnerability from cvelistv5
Published
2023-07-05 14:43
Modified
2024-10-21 21:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:07:03.397156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:32.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "123ojp (bugcrowd.com/123ojp)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u0026nbsp;conduct a stored cross-site scripting (XSS) attack against a\u0026nbsp;user of the interface. A successful exploit could\u0026nbsp;allow an attacker to execute arbitrary script code in a\u0026nbsp;victim\u0027s browser in the context of the affected interface."
}
],
"value": "A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to\u00a0conduct a stored cross-site scripting (XSS) attack against a\u00a0user of the interface. A successful exploit could\u00a0allow an attacker to execute arbitrary script code in a\u00a0victim\u0027s browser in the context of the affected interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:43:11.546Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35971",
"datePublished": "2023-07-05T14:43:11.546Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-10-21T21:11:32.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22766 (GCVE-0-2023-22766)
Vulnerability from cvelistv5
Published
2023-02-28 16:48
Modified
2025-03-11 14:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:23:51.823175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:24:04.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22766",
"datePublished": "2023-02-28T16:48:00.530Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:24:04.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38486 (GCVE-0-2023-38486)
Vulnerability from cvelistv5
Published
2023-09-06 17:48
Modified
2024-09-26 19:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | 9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways |
Version: ArubaOS 10.4.x.x ≤ <=10.4.0.1 Version: ArubaOS 8.11.x.x ≤ <=8.11.1.0 Version: ArubaOS 8.10.x.x ≤ <=8.10.0.6 Version: ArubaOS 8.6.x.x ≤ <=8.6.0.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.22",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"lessThan": "8.10.0.7",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThan": "8.11.1.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThan": "10.4.0.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:38:37.378313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:51:05.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=10.4.0.1",
"status": "affected",
"version": "ArubaOS 10.4.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.11.1.0",
"status": "affected",
"version": "ArubaOS 8.11.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.6",
"status": "affected",
"version": "ArubaOS 8.10.x.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.6.0.21",
"status": "affected",
"version": "ArubaOS 8.6.x.x",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the secure boot implementation on affected\u0026nbsp;Aruba 9200 and 9000 Series Controllers and Gateways allows\u0026nbsp;an attacker to bypass security controls which would normally\u0026nbsp;prohibit unsigned kernel images from executing. An attacker\u0026nbsp;can use this vulnerability to execute arbitrary runtime\u0026nbsp;operating systems, including unverified and unsigned OS\u0026nbsp;images."
}
],
"value": "A vulnerability in the secure boot implementation on affected\u00a0Aruba 9200 and 9000 Series Controllers and Gateways allows\u00a0an attacker to bypass security controls which would normally\u00a0prohibit unsigned kernel images from executing. An attacker\u00a0can use this vulnerability to execute arbitrary runtime\u00a0operating systems, including unverified and unsigned OS\u00a0images."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T17:48:38.025Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38486",
"datePublished": "2023-09-06T17:48:38.025Z",
"dateReserved": "2023-07-18T14:34:27.165Z",
"dateUpdated": "2024-09-26T19:51:05.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25611 (GCVE-0-2024-25611)
Vulnerability from cvelistv5
Published
2024-03-05 20:16
Modified
2024-08-01 23:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.1",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.0.3",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.9",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T04:00:55.490662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:17:25.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:16:02.870Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25611",
"datePublished": "2024-03-05T20:16:02.870Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2024-08-01T23:44:09.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37718 (GCVE-0-2021-37718)
Vulnerability from cvelistv5
Published
2021-09-07 12:32
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.6 Version: Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.6"
},
{
"status": "affected",
"version": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:37",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.6"
},
{
"version_value": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37718",
"datePublished": "2021-09-07T12:32:49",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31476 (GCVE-0-2024-31476)
Vulnerability from cvelistv5
Published
2024-05-14 22:31
Modified
2025-06-24 15:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:34.232578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:58:41.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:14:48.403Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31476",
"datePublished": "2024-05-14T22:31:22.072Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:14:48.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1356 (GCVE-0-2024-1356)
Vulnerability from cvelistv5
Published
2024-03-05 20:14
Modified
2024-08-01 18:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.1",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.0.3",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.9",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-29T04:00:15.641283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:17:58.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:14:37.530Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-1356",
"datePublished": "2024-03-05T20:14:37.530Z",
"dateReserved": "2024-02-08T18:15:17.017Z",
"dateUpdated": "2024-08-01T18:33:25.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37888 (GCVE-0-2022-37888)
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37888",
"datePublished": "2022-10-06T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22789 (GCVE-0-2023-22789)
Vulnerability from cvelistv5
Published
2023-05-08 14:08
Modified
2025-01-31 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:03:56.139002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:04:29.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
}
],
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:08:39.438Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22789",
"datePublished": "2023-05-08T14:08:39.438Z",
"dateReserved": "2023-01-06T15:24:20.511Z",
"dateUpdated": "2025-01-31T18:04:29.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5318 (GCVE-0-2019-5318)
Vulnerability from cvelistv5
Published
2021-09-07 12:03
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote cross-site request forgery (csrf)
Summary
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Operating System Software |
Version: 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site request forgery (csrf)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:28",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site request forgery (csrf)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5318",
"datePublished": "2021-09-07T12:03:38",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42400 (GCVE-0-2024-42400)
Vulnerability from cvelistv5
Published
2024-08-06 19:51
Modified
2025-03-13 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:27:16.617985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T17:20:31.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:51:17.264Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42400",
"datePublished": "2024-08-06T19:51:17.264Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-13T17:20:31.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33516 (GCVE-0-2024-33516)
Vulnerability from cvelistv5
Published
2024-05-01 16:30
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 10.5.x.x: 10.5.1.0 and below Version: ArubaOS 10.4.x.x: 10.4.1.0 and below Version: ArubaOS 8.11.x.x: 8.11.2.1 and below Version: ArubaOS 8.10.x.x: 8.10.0.10 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:59:36.938795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:56:28.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:30:59.727Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-33516",
"datePublished": "2024-05-01T16:30:59.727Z",
"dateReserved": "2024-04-23T14:21:30.435Z",
"dateUpdated": "2024-08-02T02:36:04.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7023 (GCVE-0-2008-7023)
Vulnerability from cvelistv5
Published
2009-08-21 14:00
Modified
2024-08-07 11:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080923 Aruba Mobility Controller Shared Default Certificate",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496604/100/0/threaded"
},
{
"name": "51731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51731"
},
{
"name": "31336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31336"
},
{
"name": "20080923 Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496622/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s security documentation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080923 Aruba Mobility Controller Shared Default Certificate",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496604/100/0/threaded"
},
{
"name": "51731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51731"
},
{
"name": "31336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31336"
},
{
"name": "20080923 Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496622/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product\u0027s security documentation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080923 Aruba Mobility Controller Shared Default Certificate",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496604/100/0/threaded"
},
{
"name": "51731",
"refsource": "OSVDB",
"url": "http://osvdb.org/51731"
},
{
"name": "31336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31336"
},
{
"name": "20080923 Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496622/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7023",
"datePublished": "2009-08-21T14:00:00",
"dateReserved": "2009-08-21T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35978 (GCVE-0-2023-35978)
Vulnerability from cvelistv5
Published
2023-07-05 14:49
Modified
2024-10-21 21:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:07:02.071788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:25.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "haidv35 from Viettel Cyber Security"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in ArubaOS could allow an unauthenticated\u0026nbsp;remote attacker to conduct a reflected cross-site scripting\u0026nbsp;(XSS) attack against a user of the web-based management\u0026nbsp;interface. A successful exploit could allow an attacker to\u0026nbsp;execute arbitrary script code in a victim\u0027s browser in the\u0026nbsp;context of the affected interface."
}
],
"value": "A vulnerability in ArubaOS could allow an unauthenticated\u00a0remote attacker to conduct a reflected cross-site scripting\u00a0(XSS) attack against a user of the web-based management\u00a0interface. A successful exploit could allow an attacker to\u00a0execute arbitrary script code in a victim\u0027s browser in the\u00a0context of the affected interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:49:00.807Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35978",
"datePublished": "2023-07-05T14:49:00.807Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-10-21T21:11:25.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37731 (GCVE-0-2021-37731)
Vulnerability from cvelistv5
Published
2021-09-07 12:41
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- local path traversal
Summary
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.0-2.2.0.4 Version: Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:07.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.0-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:31",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.0-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37731",
"datePublished": "2021-09-07T12:41:13",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:30:07.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37898 (GCVE-0-2022-37898)
Vulnerability from cvelistv5
Published
2022-11-03 18:23
Modified
2025-05-02 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:52:07.348744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:52:20.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37898",
"datePublished": "2022-11-03T18:23:31.634Z",
"dateReserved": "2022-08-08T18:45:22.549Z",
"dateUpdated": "2025-05-02T18:52:20.054Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24634 (GCVE-0-2020-24634)
Vulnerability from cvelistv5
Published
2020-12-11 01:22
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote injection of arbitrary commands
Summary
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | Aruba 9000 Gateway |
Version: 2.1.0.1 Version: 2.2.0.0 and below |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba 9000 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.0.1"
},
{
"status": "affected",
"version": "2.2.0.0 and below"
}
]
},
{
"product": "Aruba 7000 Series Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.4.4.23"
},
{
"status": "affected",
"version": "6.5.4.17"
},
{
"status": "affected",
"version": "8.2.2.9"
},
{
"status": "affected",
"version": "8.3.0.13"
},
{
"status": "affected",
"version": "8.5.0.10"
},
{
"status": "affected",
"version": "8.6.0.5"
},
{
"status": "affected",
"version": "8.7.0.0 and below"
}
]
},
{
"product": "Aruba 7200 Series Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.4.4.23"
},
{
"status": "affected",
"version": "6.5.4.17"
},
{
"status": "affected",
"version": "8.2.2.9"
},
{
"status": "affected",
"version": "8.3.0.13"
},
{
"status": "affected",
"version": "8.5.0.10"
},
{
"status": "affected",
"version": "8.6.0.5"
},
{
"status": "affected",
"version": "8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote injection of arbitrary commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T01:22:50",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba 9000 Gateway",
"version": {
"version_data": [
{
"version_value": "2.1.0.1"
},
{
"version_value": "2.2.0.0 and below"
}
]
}
},
{
"product_name": "Aruba 7000 Series Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "6.4.4.23"
},
{
"version_value": "6.5.4.17"
},
{
"version_value": "8.2.2.9"
},
{
"version_value": "8.3.0.13"
},
{
"version_value": "8.5.0.10"
},
{
"version_value": "8.6.0.5"
},
{
"version_value": "8.7.0.0 and below"
}
]
}
},
{
"product_name": "Aruba 7200 Series Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "6.4.4.23"
},
{
"version_value": "6.5.4.17"
},
{
"version_value": "8.2.2.9"
},
{
"version_value": "8.3.0.13"
},
{
"version_value": "8.5.0.10"
},
{
"version_value": "8.6.0.5"
},
{
"version_value": "8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote injection of arbitrary commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24634",
"datePublished": "2020-12-11T01:22:50",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22763 (GCVE-0-2023-22763)
Vulnerability from cvelistv5
Published
2023-02-28 16:46
Modified
2025-03-11 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:06:30.466364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:06:43.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22763",
"datePublished": "2023-02-28T16:46:58.281Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:06:43.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22771 (GCVE-0-2023-22771)
Vulnerability from cvelistv5
Published
2023-02-28 16:53
Modified
2025-03-07 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:00:23.285175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:00:34.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mitchell Pompe of Netskope"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Session Expiration in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22771",
"datePublished": "2023-02-28T16:53:19.915Z",
"dateReserved": "2023-01-06T15:24:20.507Z",
"dateUpdated": "2025-03-07T18:00:34.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3836 (GCVE-0-2009-3836)
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-09-16 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc"
},
{
"name": "ADV-2009-3051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3051"
},
{
"name": "36832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36832"
},
{
"name": "37085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37085"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-02T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc"
},
{
"name": "ADV-2009-3051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3051"
},
{
"name": "36832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36832"
},
{
"name": "37085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37085"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/support/alerts/aid-102609.asc",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc"
},
{
"name": "ADV-2009-3051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3051"
},
{
"name": "36832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36832"
},
{
"name": "37085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37085"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3836",
"datePublished": "2009-11-02T15:00:00Z",
"dateReserved": "2009-11-02T00:00:00Z",
"dateUpdated": "2024-09-16T17:18:00.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25612 (GCVE-0-2024-25612)
Vulnerability from cvelistv5
Published
2024-03-05 20:16
Modified
2024-08-01 23:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.1",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.0.3",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.9",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-29T04:00:14.484061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:16:50.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:16:59.563Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25612",
"datePublished": "2024-03-05T20:16:59.563Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2024-08-01T23:44:09.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31469 (GCVE-0-2024-31469)
Vulnerability from cvelistv5
Published
2024-05-14 22:25
Modified
2025-06-24 13:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:31.113539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:52:09.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e\u003cp\u003e \u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:26:25.165Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31469",
"datePublished": "2024-05-14T22:25:46.354Z",
"dateReserved": "2024-04-03T21:21:22.896Z",
"dateUpdated": "2025-06-24T13:26:25.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37716 (GCVE-0-2021-37716)
Vulnerability from cvelistv5
Published
2021-09-07 12:02
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote buffer overflow
Summary
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:22",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37716",
"datePublished": "2021-09-07T12:02:01",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45626 (GCVE-0-2023-45626)
Vulnerability from cvelistv5
Published
2023-11-14 22:58
Modified
2024-10-29 18:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:18:28.332522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:20:29.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\u003c/p\u003e"
}
],
"value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:58:35.705Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45626",
"datePublished": "2023-11-14T22:58:35.705Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-10-29T18:20:29.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5315 (GCVE-0-2019-5315)
Vulnerability from cvelistv5
Published
2019-09-13 16:53
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authenticated command injection
Summary
A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Mobility Controllers |
Version: Aruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T16:53:42",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "Aruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5315",
"datePublished": "2019-09-13T16:53:42",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35977 (GCVE-0-2023-35977)
Vulnerability from cvelistv5
Published
2023-07-05 14:47
Modified
2024-12-04 15:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:38:07.853419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:38:20.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist which allow an authenticated attacker\u0026nbsp;to access sensitive information on the ArubaOS command line\u0026nbsp;interface. Successful exploitation could allow access to data\u0026nbsp;beyond what is authorized by the users existing privilege\u0026nbsp;level."
}
],
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:47:46.596Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35977",
"datePublished": "2023-07-05T14:47:46.596Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-12-04T15:38:20.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37717 (GCVE-0-2021-37717)
Vulnerability from cvelistv5
Published
2021-09-07 12:05
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.6 Version: Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.6"
},
{
"status": "affected",
"version": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:35",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.6"
},
{
"version_value": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37717",
"datePublished": "2021-09-07T12:05:19",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37885 (GCVE-0-2022-37885)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37885",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37912 (GCVE-0-2022-37912)
Vulnerability from cvelistv5
Published
2022-11-03 19:07
Modified
2025-05-02 15:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T15:06:34.982196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T15:07:19.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37912",
"datePublished": "2022-11-03T19:07:36.763Z",
"dateReserved": "2022-08-08T18:45:22.552Z",
"dateUpdated": "2025-05-02T15:07:19.728Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31483 (GCVE-0-2024-31483)
Vulnerability from cvelistv5
Published
2024-05-14 22:37
Modified
2025-06-24 15:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:43:52.164471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T15:12:51.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\u003c/p\u003e"
}
],
"value": "An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:23:49.047Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31483",
"datePublished": "2024-05-14T22:37:06.652Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:23:49.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37897 (GCVE-0-2022-37897)
Vulnerability from cvelistv5
Published
2022-11-03 18:12
Modified
2025-05-02 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:52:46.351606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:52:49.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37897",
"datePublished": "2022-11-03T18:12:09.080Z",
"dateReserved": "2022-08-08T18:45:22.548Z",
"dateUpdated": "2025-05-02T18:52:49.234Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33515 (GCVE-0-2024-33515)
Vulnerability from cvelistv5
Published
2024-05-01 16:28
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 10.5.x.x: 10.5.1.0 and below Version: ArubaOS 10.4.x.x: 10.4.1.0 and below Version: ArubaOS 8.11.x.x: 8.11.2.1 and below Version: ArubaOS 8.10.x.x: 8.10.0.10 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:53:40.485831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:56:08.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:03.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:28:23.709Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-33515",
"datePublished": "2024-05-01T16:28:23.709Z",
"dateReserved": "2024-04-23T14:21:30.435Z",
"dateUpdated": "2024-08-02T02:36:03.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31472 (GCVE-0-2024-31472)
Vulnerability from cvelistv5
Published
2024-05-14 22:28
Modified
2025-06-24 14:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:33.431077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:53:34.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T14:57:21.615Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31472",
"datePublished": "2024-05-14T22:28:29.845Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T14:57:21.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45627 (GCVE-0-2023-45627)
Vulnerability from cvelistv5
Published
2023-11-14 22:59
Modified
2024-08-29 18:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal
operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T18:10:06.630552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:10:36.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\u003c/p\u003e\u003cp\u003eoperation of the affected access point.\u003c/p\u003e"
}
],
"value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:59:36.788Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45627",
"datePublished": "2023-11-14T22:59:36.788Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-08-29T18:10:36.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37895 (GCVE-0-2022-37895)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authenticated Denial of Service (DoS)
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37895",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31481 (GCVE-0-2024-31481)
Vulnerability from cvelistv5
Published
2024-05-14 22:35
Modified
2025-06-24 15:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:42:47.657209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:01:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:21:48.806Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31481",
"datePublished": "2024-05-14T22:35:29.359Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:21:48.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45615 (GCVE-0-2023-45615)
Vulnerability from cvelistv5
Published
2023-11-14 22:44
Modified
2024-08-30 17:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:23:35.521141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:23:46.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:44:59.789Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45615",
"datePublished": "2023-11-14T22:44:59.789Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:23:46.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35981 (GCVE-0-2023-35981)
Vulnerability from cvelistv5
Published
2023-07-25 18:28
Modified
2024-11-07 18:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: ArubaOS 10.4.x.x: 10.4.0.1 and below Version: InstantOS 8.11.x.x: 8.11.1.0 and below Version: InstantOS 8.10.x.x: 8.10.0.6 and below Version: InstantOS 8.6.x.x: 8.6.0.20 and below Version: InstantOS 6.5.x.x: 6.5.4.24 and below Version: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arba_access_points_running_instantos_and_arubaos_10",
"vendor": "hpe",
"versions": [
{
"lessThan": "4.2.4.21",
"status": "affected",
"version": "6.4.4.8",
"versionType": "custom"
},
{
"lessThan": "6.5.4.24",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.6.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.10.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.11.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T18:38:50.384815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:51:06.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.20 and below"
},
{
"status": "affected",
"version": "InstantOS 6.5.x.x: 6.5.4.24 and below"
},
{
"status": "affected",
"version": "InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:28:14.271Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35981",
"datePublished": "2023-07-25T18:28:14.271Z",
"dateReserved": "2023-06-20T18:43:02.967Z",
"dateUpdated": "2024-11-07T18:51:06.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37899 (GCVE-0-2022-37899)
Vulnerability from cvelistv5
Published
2022-11-03 18:44
Modified
2025-05-02 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:51:33.212119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:51:45.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37899",
"datePublished": "2022-11-03T18:44:51.309Z",
"dateReserved": "2022-08-08T18:45:22.549Z",
"dateUpdated": "2025-05-02T18:51:45.964Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35976 (GCVE-0-2023-35976)
Vulnerability from cvelistv5
Published
2023-07-05 14:47
Modified
2024-12-04 15:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:38:41.712067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:39:11.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities exist which allow an authenticated attacker\u0026nbsp;to access sensitive information on the ArubaOS command line\u0026nbsp;interface. Successful exploitation could allow access to data\u0026nbsp;beyond what is authorized by the users existing privilege\u0026nbsp;level."
}
],
"value": "Vulnerabilities exist which allow an authenticated attacker\u00a0to access sensitive information on the ArubaOS command line\u00a0interface. Successful exploitation could allow access to data\u00a0beyond what is authorized by the users existing privilege\u00a0level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:47:43.236Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35976",
"datePublished": "2023-07-05T14:47:43.236Z",
"dateReserved": "2023-06-20T18:41:22.737Z",
"dateUpdated": "2024-12-04T15:39:11.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25615 (GCVE-0-2024-25615)
Vulnerability from cvelistv5
Published
2024-03-05 20:19
Modified
2025-03-27 20:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.1",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.0.3",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.9",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T14:07:39.073529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:13:45.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": " An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:19:54.342Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25615",
"datePublished": "2024-03-05T20:19:54.342Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2025-03-27T20:13:45.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24637 (GCVE-0-2020-24637)
Vulnerability from cvelistv5
Published
2020-12-11 01:33
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote buffer overflow
Summary
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | Aruba 9000 Gateway |
Version: 2.1.0.1 Version: 2.2.0.0 and below |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba 9000 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.0.1"
},
{
"status": "affected",
"version": "2.2.0.0 and below"
}
]
},
{
"product": "Aruba 7000 Series Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.4.4.23"
},
{
"status": "affected",
"version": "6.5.4.17"
},
{
"status": "affected",
"version": "8.2.2.9"
},
{
"status": "affected",
"version": "8.3.0.13"
},
{
"status": "affected",
"version": "8.5.0.10"
},
{
"status": "affected",
"version": "8.6.0.5"
},
{
"status": "affected",
"version": "8.7.0.0 and below"
}
]
},
{
"product": "Aruba 7200 Series Mobility Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.4.4.23"
},
{
"status": "affected",
"version": "6.5.4.17"
},
{
"status": "affected",
"version": "8.2.2.9"
},
{
"status": "affected",
"version": "8.3.0.13"
},
{
"status": "affected",
"version": "8.5.0.10"
},
{
"status": "affected",
"version": "8.6.0.5"
},
{
"status": "affected",
"version": "8.7.0.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T01:33:22",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-24637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba 9000 Gateway",
"version": {
"version_data": [
{
"version_value": "2.1.0.1"
},
{
"version_value": "2.2.0.0 and below"
}
]
}
},
{
"product_name": "Aruba 7000 Series Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "6.4.4.23"
},
{
"version_value": "6.5.4.17"
},
{
"version_value": "8.2.2.9"
},
{
"version_value": "8.3.0.13"
},
{
"version_value": "8.5.0.10"
},
{
"version_value": "8.6.0.5"
},
{
"version_value": "8.7.0.0 and below"
}
]
}
},
{
"product_name": "Aruba 7200 Series Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "6.4.4.23"
},
{
"version_value": "6.5.4.17"
},
{
"version_value": "8.2.2.9"
},
{
"version_value": "8.3.0.13"
},
{
"version_value": "8.5.0.10"
},
{
"version_value": "8.6.0.5"
},
{
"version_value": "8.7.0.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-24637",
"datePublished": "2020-12-11T01:33:22",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31477 (GCVE-0-2024-31477)
Vulnerability from cvelistv5
Published
2024-05-14 22:32
Modified
2025-06-24 15:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:34.951992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:59:03.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:15:50.694Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31477",
"datePublished": "2024-05-14T22:32:06.557Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:15:50.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22765 (GCVE-0-2023-22765)
Vulnerability from cvelistv5
Published
2023-02-28 16:47
Modified
2025-03-11 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:05:17.711198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:05:33.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22765",
"datePublished": "2023-02-28T16:47:35.008Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:05:33.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37725 (GCVE-0-2021-37725)
Vulnerability from cvelistv5
Published
2021-09-07 12:39
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote cross-site request forgery (csrf)
Summary
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site request forgery (csrf)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:20",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site request forgery (csrf)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37725",
"datePublished": "2021-09-07T12:39:59",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45616 (GCVE-0-2023-45616)
Vulnerability from cvelistv5
Published
2023-11-14 22:48
Modified
2024-08-30 17:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:23:06.350955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:23:15.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:48:47.301Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45616",
"datePublished": "2023-11-14T22:48:47.301Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:23:15.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37729 (GCVE-0-2021-37729)
Vulnerability from cvelistv5
Published
2021-09-07 12:37
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote path traversal
Summary
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.0-2.2.0.4 Version: Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:07.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.0-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:41",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.0-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37729",
"datePublished": "2021-09-07T12:37:41",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:30:07.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31475 (GCVE-0-2024-31475)
Vulnerability from cvelistv5
Published
2024-05-14 22:30
Modified
2025-06-24 15:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:39:38.114508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-463",
"description": "CWE-463 Deletion of Data Structure Sentinel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:58:20.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.\u003c/p\u003e"
}
],
"value": "There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:13:24.884Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31475",
"datePublished": "2024-05-14T22:30:27.186Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:13:24.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45617 (GCVE-0-2023-45617)
Vulnerability from cvelistv5
Published
2023-11-14 22:49
Modified
2024-08-30 17:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:22:31.261592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:22:41.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\u003c/p\u003e"
}
],
"value": "There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:49:52.560Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45617",
"datePublished": "2023-11-14T22:49:52.560Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:22:41.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42393 (GCVE-0-2024-42393)
Vulnerability from cvelistv5
Published
2024-08-06 18:58
Modified
2024-08-12 16:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:13:40.644282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:00:36.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:44:56.016Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42393",
"datePublished": "2024-08-06T18:58:52.509Z",
"dateReserved": "2024-07-31T20:37:28.337Z",
"dateUpdated": "2024-08-12T16:00:36.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37724 (GCVE-0-2021-37724)
Vulnerability from cvelistv5
Published
2021-09-07 12:34
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Operating System Software |
Version: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:24",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37724",
"datePublished": "2021-09-07T12:34:20",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37900 (GCVE-0-2022-37900)
Vulnerability from cvelistv5
Published
2022-11-03 18:56
Modified
2025-05-01 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:04:31.123222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:04:51.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37900",
"datePublished": "2022-11-03T18:56:36.481Z",
"dateReserved": "2022-08-08T18:45:22.549Z",
"dateUpdated": "2025-05-01T15:04:51.724Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33513 (GCVE-0-2024-33513)
Vulnerability from cvelistv5
Published
2024-05-01 16:13
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 10.5.x.x: 10.5.1.0 and below Version: ArubaOS 10.4.x.x: 10.4.1.0 and below Version: ArubaOS 8.11.x.x: 8.11.2.1 and below Version: ArubaOS 8.10.x.x: 8.10.0.10 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:54:50.718510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:55:23.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:03.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:24:59.578Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-33513",
"datePublished": "2024-05-01T16:13:10.629Z",
"dateReserved": "2024-04-23T14:21:30.435Z",
"dateUpdated": "2024-08-02T02:36:03.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31467 (GCVE-0-2024-31467)
Vulnerability from cvelistv5
Published
2024-05-14 22:08
Modified
2025-06-24 13:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:29.379593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:50:53.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:20:29.703Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31467",
"datePublished": "2024-05-14T22:08:51.360Z",
"dateReserved": "2024-04-03T21:21:22.896Z",
"dateUpdated": "2025-06-24T13:20:29.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35980 (GCVE-0-2023-35980)
Vulnerability from cvelistv5
Published
2023-07-25 18:28
Modified
2024-11-07 18:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: ArubaOS 10.4.x.x: 10.4.0.1 and below Version: InstantOS 8.11.x.x: 8.11.1.0 and below Version: InstantOS 8.10.x.x: 8.10.0.6 and below Version: InstantOS 8.6.x.x: 8.6.0.20 and below Version: InstantOS 6.5.x.x: 6.5.4.24 and below Version: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arba_access_points_running_instantos_and_arubaos_10",
"vendor": "hpe",
"versions": [
{
"lessThan": "4.2.4.21",
"status": "affected",
"version": "6.4.4.8",
"versionType": "custom"
},
{
"lessThan": "6.5.4.24",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.6.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.10.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.11.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T18:52:12.730779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:56:09.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.20 and below"
},
{
"status": "affected",
"version": "InstantOS 6.5.x.x: 6.5.4.24 and below"
},
{
"status": "affected",
"version": "InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:28:10.354Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35980",
"datePublished": "2023-07-25T18:28:10.354Z",
"dateReserved": "2023-06-20T18:43:02.966Z",
"dateUpdated": "2024-11-07T18:56:09.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22753 (GCVE-0-2023-22753)
Vulnerability from cvelistv5
Published
2023-02-28 16:33
Modified
2025-03-11 14:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:07:45.158697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:07:56.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:52:33.182Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22753",
"datePublished": "2023-02-28T16:33:36.424Z",
"dateReserved": "2023-01-06T15:24:20.503Z",
"dateUpdated": "2025-03-11T14:07:56.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35982 (GCVE-0-2023-35982)
Vulnerability from cvelistv5
Published
2023-07-25 18:28
Modified
2024-11-07 18:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: ArubaOS 10.4.x.x: 10.4.0.1 and below Version: InstantOS 8.11.x.x: 8.11.1.0 and below Version: InstantOS 8.10.x.x: 8.10.0.6 and below Version: InstantOS 8.6.x.x: 8.6.0.20 and below Version: InstantOS 6.5.x.x: 6.5.4.24 and below Version: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arba_access_points_running_instantos_and_arubaos_10",
"vendor": "hpe",
"versions": [
{
"lessThan": "10.4.0.1",
"status": "affected",
"version": "arubaos_10.4.x.x",
"versionType": "custom"
},
{
"lessThan": "8.11.1.0",
"status": "affected",
"version": "instantos_8.11.x.x",
"versionType": "custom"
},
{
"lessThan": "8.10.0.6",
"status": "affected",
"version": "instantos_8.10xx",
"versionType": "custom"
},
{
"lessThan": "8.6.0.20",
"status": "affected",
"version": "instantos_8.6.x.x",
"versionType": "custom"
},
{
"lessThan": "6.5.4.24",
"status": "affected",
"version": "instantos_6.5.x.x",
"versionType": "custom"
},
{
"lessThan": "6.4.4.8",
"status": "affected",
"version": "instantos_6.4.x.x",
"versionType": "custom"
},
{
"lessThan": "4.2.4.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:54:23.089613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:11:05.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.20 and below"
},
{
"status": "affected",
"version": "InstantOS 6.5.x.x: 6.5.4.24 and below"
},
{
"status": "affected",
"version": "InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:28:20.312Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35982",
"datePublished": "2023-07-25T18:28:20.312Z",
"dateReserved": "2023-06-20T18:43:02.967Z",
"dateUpdated": "2024-11-07T18:11:05.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1388 (GCVE-0-2015-1388)
Vulnerability from cvelistv5
Published
2015-03-24 17:00
Modified
2024-08-06 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"RAP console\" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-24T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"RAP console\" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1388",
"datePublished": "2015-03-24T17:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35972 (GCVE-0-2023-35972)
Vulnerability from cvelistv5
Published
2023-07-05 14:44
Modified
2024-12-04 15:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:41:01.720192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:41:16.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote command injection vulnerability\u0026nbsp;exists in the ArubaOS web-based management interface.\u0026nbsp;Successful exploitation of this vulnerability results in the\u0026nbsp;ability to execute arbitrary commands as a privileged user\u0026nbsp;on the underlying operating system. This allows an attacker\u0026nbsp;to fully compromise the underlying operating system on the\u0026nbsp;device running ArubaOS."
}
],
"value": "An authenticated remote command injection vulnerability\u00a0exists in the ArubaOS web-based management interface.\u00a0Successful exploitation of this vulnerability results in the\u00a0ability to execute arbitrary commands as a privileged user\u00a0on the underlying operating system. This allows an attacker\u00a0to fully compromise the underlying operating system on the\u00a0device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:44:42.156Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35972",
"datePublished": "2023-07-05T14:44:42.156Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-12-04T15:41:16.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37720 (GCVE-0-2021-37720)
Vulnerability from cvelistv5
Published
2021-09-07 12:08
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:18",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37720",
"datePublished": "2021-09-07T12:08:20",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7095 (GCVE-0-2008-7095)
Vulnerability from cvelistv5
Published
2009-08-27 18:00
Modified
2024-08-07 11:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081104 Aruba Mobility Controller SNMP Community String Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498033/100/0/threaded"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51916"
},
{
"name": "32102",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081104 Aruba Mobility Controller SNMP Community String Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498033/100/0/threaded"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51916"
},
{
"name": "32102",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081104 Aruba Mobility Controller SNMP Community String Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498033/100/0/threaded"
},
{
"name": "51916",
"refsource": "OSVDB",
"url": "http://osvdb.org/51916"
},
{
"name": "32102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7095",
"datePublished": "2009-08-27T18:00:00",
"dateReserved": "2009-08-27T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31468 (GCVE-0-2024-31468)
Vulnerability from cvelistv5
Published
2024-05-14 22:24
Modified
2025-06-24 13:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:30.371230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:51:14.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e\u003cp\u003e \u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:23:16.767Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31468",
"datePublished": "2024-05-14T22:24:53.386Z",
"dateReserved": "2024-04-03T21:21:22.896Z",
"dateUpdated": "2025-06-24T13:23:16.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35973 (GCVE-0-2023-35973)
Vulnerability from cvelistv5
Published
2023-07-05 14:45
Modified
2024-12-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: - ArubaOS 10.4.x.x: 10.4.0.1 and below Version: - ArubaOS 8.11.x.x: 8.11.1.0 and below Version: - ArubaOS 8.10.x.x: 8.10.0.6 and below Version: - ArubaOS 8.6.x.x: 8.6.0.20 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:40:20.723913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:40:45.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "- ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "- ArubaOS 8.6.x.x: 8.6.0.20 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-07-11T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in\u0026nbsp;the ArubaOS command line interface. Successful exploitation\u0026nbsp;of these vulnerabilities result in the ability to execute\u0026nbsp;arbitrary commands as a privileged user on the underlying\u0026nbsp;operating system."
}
],
"value": "Authenticated command injection vulnerabilities exist in\u00a0the ArubaOS command line interface. Successful exploitation\u00a0of these vulnerabilities result in the ability to execute\u00a0arbitrary commands as a privileged user on the underlying\u00a0operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T14:45:39.756Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35973",
"datePublished": "2023-07-05T14:45:39.756Z",
"dateReserved": "2023-06-20T18:41:22.736Z",
"dateUpdated": "2024-12-04T15:40:45.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2032 (GCVE-0-2016-2032)
Vulnerability from cvelistv5
Published
2020-01-31 19:53
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.google.com/about/appsecurity/research/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T19:53:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.google.com/about/appsecurity/research/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
},
{
"name": "http://seclists.org/fulldisclosure/2016/May/19",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2016/May/19"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt",
"refsource": "MISC",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
},
{
"name": "https://www.google.com/about/appsecurity/research/",
"refsource": "MISC",
"url": "https://www.google.com/about/appsecurity/research/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2032",
"datePublished": "2020-01-31T19:53:50",
"dateReserved": "2016-01-22T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7080 (GCVE-0-2018-7080)
Vulnerability from cvelistv5
Published
2018-12-07 21:00
Modified
2024-08-05 06:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote access restriction bypass
Summary
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | Aruba Access Points |
Version: AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4"
}
]
}
],
"datePublic": "2018-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote access restriction bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-08T10:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "105814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Access Points",
"version": {
"version_data": [
{
"version_value": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote access restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105814"
},
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2018-7080",
"datePublished": "2018-12-07T21:00:00",
"dateReserved": "2018-02-15T00:00:00",
"dateUpdated": "2024-08-05T06:17:17.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37906 (GCVE-0-2022-37906)
Vulnerability from cvelistv5
Published
2022-11-03 19:18
Modified
2025-05-02 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:48:18.447813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:48:21.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.\u003c/p\u003e"
}
],
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37906",
"datePublished": "2022-11-03T19:18:21.610Z",
"dateReserved": "2022-08-08T18:45:22.551Z",
"dateUpdated": "2025-05-02T18:48:21.423Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22755 (GCVE-0-2023-22755)
Vulnerability from cvelistv5
Published
2023-02-28 16:35
Modified
2025-03-07 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:10:31.938058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:10:42.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:52:59.218Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22755",
"datePublished": "2023-02-28T16:35:24.079Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:10:42.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22761 (GCVE-0-2023-22761)
Vulnerability from cvelistv5
Published
2023-02-28 16:42
Modified
2025-03-07 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:04:58.940898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:05:12.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22761",
"datePublished": "2023-02-28T16:42:41.162Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-07T18:05:12.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45621 (GCVE-0-2023-45621)
Vulnerability from cvelistv5
Published
2023-11-14 22:54
Modified
2024-08-14 18:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.4.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instantos",
"vendor": "hp",
"versions": [
{
"lessThanOrEqual": "8.11.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.10.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.6.0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:24:06.720970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:46:12.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:54:17.436Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45621",
"datePublished": "2023-11-14T22:54:17.436Z",
"dateReserved": "2023-10-09T16:22:24.803Z",
"dateUpdated": "2024-08-14T18:46:12.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37909 (GCVE-0-2022-37909)
Vulnerability from cvelistv5
Published
2022-11-03 19:31
Modified
2025-05-02 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:46:07.005757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:46:09.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\u003c/p\u003e"
}
],
"value": "Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37909",
"datePublished": "2022-11-03T19:31:58.258Z",
"dateReserved": "2022-08-08T18:45:22.552Z",
"dateUpdated": "2025-05-02T18:46:09.907Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37886 (GCVE-0-2022-37886)
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 10:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow Vulnerability
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37886",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22757 (GCVE-0-2023-22757)
Vulnerability from cvelistv5
Published
2023-02-28 16:36
Modified
2025-03-07 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:09:10.370621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:09:19.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Haoliang Lu at the WuHeng Lab of ByteDance"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T15:53:18.778Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22757",
"datePublished": "2023-02-28T16:36:54.386Z",
"dateReserved": "2023-01-06T15:24:20.504Z",
"dateUpdated": "2025-03-07T18:09:19.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22764 (GCVE-0-2023-22764)
Vulnerability from cvelistv5
Published
2023-02-28 16:47
Modified
2025-03-11 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:05:57.731469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:06:12.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in the ArubaOS Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22764",
"datePublished": "2023-02-28T16:47:14.005Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-11T14:06:12.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31470 (GCVE-0-2024-31470)
Vulnerability from cvelistv5
Published
2024-05-14 22:26
Modified
2025-06-24 13:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:31.848382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:51:59.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T13:29:06.597Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31470",
"datePublished": "2024-05-14T22:26:39.056Z",
"dateReserved": "2024-04-03T21:21:22.896Z",
"dateUpdated": "2025-06-24T13:29:06.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14491 (GCVE-0-2017-14491)
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039474",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name": "101085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name": "USN-3430-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"name": "101977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name": "RHSA-2017:2838",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"name": "VU#973527",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name": "GLSA-201710-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name": "RHSA-2017:2840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"name": "USN-3430-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name": "RHSA-2017:2839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"name": "RHSA-2017:2836",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name": "RHSA-2017:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"name": "42941",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "RHSA-2017:2841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"name": "openSUSE-SU-2017:2633",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"name": "FEDORA-2017-515264ae24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"name": "FEDORA-2017-24f067299e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"name": "USN-3430-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"name": "SUSE-SU-2017:2619",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"name": "FEDORA-2017-7106a157f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"name": "SUSE-SU-2017:2616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"name": "SUSE-SU-2017:2617",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T11:42:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039474",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039474"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name": "101085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name": "USN-3430-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"name": "101977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name": "RHSA-2017:2838",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"name": "VU#973527",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name": "GLSA-201710-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name": "RHSA-2017:2840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"name": "USN-3430-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name": "RHSA-2017:2839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"name": "RHSA-2017:2836",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name": "RHSA-2017:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"name": "42941",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "RHSA-2017:2841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"name": "openSUSE-SU-2017:2633",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"name": "FEDORA-2017-515264ae24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"name": "FEDORA-2017-24f067299e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"name": "USN-3430-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"name": "SUSE-SU-2017:2619",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"name": "FEDORA-2017-7106a157f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"name": "SUSE-SU-2017:2616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"name": "SUSE-SU-2017:2617",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"name": "DSA-3989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039474",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039474"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name": "DSA-3989",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/3199382",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name": "101085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name": "USN-3430-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"name": "101977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name": "RHSA-2017:2838",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2838"
},
{
"name": "VU#973527",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name": "GLSA-201710-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name": "RHSA-2017:2840",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2840"
},
{
"name": "USN-3430-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name": "RHSA-2017:2839",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2839"
},
{
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"name": "RHSA-2017:2836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name": "RHSA-2017:2837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2837"
},
{
"name": "42941",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "RHSA-2017:2841",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2841"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"name": "openSUSE-SU-2017:2633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"name": "FEDORA-2017-515264ae24",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
},
{
"name": "FEDORA-2017-24f067299e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
},
{
"name": "USN-3430-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-3"
},
{
"name": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
},
{
"name": "SUSE-SU-2017:2619",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"name": "FEDORA-2017-7106a157f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
},
{
"name": "SUSE-SU-2017:2616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"name": "SUSE-SU-2017:2617",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"name": "DSA-3989",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14491",
"datePublished": "2017-10-02T21:00:00",
"dateReserved": "2017-09-15T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22778 (GCVE-0-2023-22778)
Vulnerability from cvelistv5
Published
2023-02-28 17:05
Modified
2025-03-07 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:42:36.672022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:42:49.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Phil Purviance (@superevr)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\u003cbr\u003e"
}
],
"value": "A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u0027s browser in the context of the affected interface.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22778",
"datePublished": "2023-02-28T17:05:56.186Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2025-03-07T20:42:49.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7299 (GCVE-0-2014-7299)
Vulnerability from cvelistv5
Published
2014-10-08 01:00
Modified
2024-08-06 12:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-10072014.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-08T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-10072014.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/support/alerts/aid-10072014.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-10072014.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7299",
"datePublished": "2014-10-08T01:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37905 (GCVE-0-2022-37905)
Vulnerability from cvelistv5
Published
2022-11-03 19:15
Modified
2025-05-02 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:48:34.165808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:49:00.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "unaffected",
"version": "ArubaOS 6.5.4.x: 6.5.4.23 and above; ArubaOS 8.6.x: 8.6.0.18 and above; ArubaOS 8.7.x: 8.7.1.10 and above; ArubaOS 8.10.x: 8.10.0.0 and above; ArubaOS 10.3.x: 10.3.0.1 and above; SD-WAN-2.3.0.x: 8.7.0.0-2.3.0.7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\u003c/p\u003e"
}
],
"value": "Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-37905",
"datePublished": "2022-11-03T19:15:18.208Z",
"dateReserved": "2022-08-08T18:45:22.551Z",
"dateUpdated": "2025-05-02T18:49:00.474Z",
"requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31474 (GCVE-0-2024-31474)
Vulnerability from cvelistv5
Published
2024-05-14 22:29
Modified
2025-06-24 15:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:39:14.628824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-463",
"description": "CWE-463 Deletion of Data Structure Sentinel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:57:56.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba\u0027s Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point\u003c/p\u003e"
}
],
"value": "There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba\u0027s Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:12:08.560Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31474",
"datePublished": "2024-05-14T22:29:51.497Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:12:08.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33514 (GCVE-0-2024-33514)
Vulnerability from cvelistv5
Published
2024-05-01 16:27
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 10.5.x.x: 10.5.1.0 and below Version: ArubaOS 10.4.x.x: 10.4.1.0 and below Version: ArubaOS 8.11.x.x: 8.11.2.1 and below Version: ArubaOS 8.10.x.x: 8.10.0.10 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:49:17.149275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:55:47.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:02.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:27:00.666Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-33514",
"datePublished": "2024-05-01T16:27:00.666Z",
"dateReserved": "2024-04-23T14:21:30.435Z",
"dateUpdated": "2024-08-02T02:36:02.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22791 (GCVE-0-2023-22791)
Vulnerability from cvelistv5
Published
2023-05-08 14:10
Modified
2025-01-31 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:01:08.113216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:01:49.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Zack Colgan of ClearBearing"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u0026nbsp;where an edge-case combination of network configuration, a\u0026nbsp;specific WLAN environment and an attacker already possessing\u0026nbsp;valid user credentials on that WLAN can lead to sensitive\u0026nbsp;information being disclosed via the WLAN. The scenarios in\u0026nbsp;which this disclosure of potentially sensitive information\u0026nbsp;can occur are complex and depend on factors that are beyond\u0026nbsp;the control of the attacker."
}
],
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:10:03.684Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22791",
"datePublished": "2023-05-08T14:10:03.684Z",
"dateReserved": "2023-01-06T15:24:20.511Z",
"dateUpdated": "2025-01-31T18:01:49.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45620 (GCVE-0-2023-45620)
Vulnerability from cvelistv5
Published
2023-11-14 22:53
Modified
2024-08-30 17:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:10:44.379696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:11:11.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:53:07.384Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45620",
"datePublished": "2023-11-14T22:53:07.384Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:11:11.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2290 (GCVE-0-2013-2290)
Vulnerability from cvelistv5
Published
2013-03-28 23:00
Modified
2024-08-06 15:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:44.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52690"
},
{
"name": "58579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58579"
},
{
"name": "aruba-mobility-cve20132290-xss(82917)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82917"
},
{
"name": "91485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-042213.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52690"
},
{
"name": "58579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58579"
},
{
"name": "aruba-mobility-cve20132290-xss(82917)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82917"
},
{
"name": "91485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-042213.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52690"
},
{
"name": "58579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58579"
},
{
"name": "aruba-mobility-cve20132290-xss(82917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82917"
},
{
"name": "91485",
"refsource": "OSVDB",
"url": "http://osvdb.org/91485"
},
{
"name": "http://www.arubanetworks.com/support/alerts/aid-042213.asc",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-042213.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2290",
"datePublished": "2013-03-28T23:00:00",
"dateReserved": "2013-02-27T00:00:00",
"dateUpdated": "2024-08-06T15:36:44.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22747 (GCVE-0-2023-22747)
Vulnerability from cvelistv5
Published
2023-02-28 15:47
Modified
2025-03-11 14:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:09:17.378382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:09:40.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Unauthenticated Command Injections in the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22747",
"datePublished": "2023-02-28T15:47:31.864Z",
"dateReserved": "2023-01-06T15:24:20.502Z",
"dateUpdated": "2025-03-11T14:09:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31482 (GCVE-0-2024-31482)
Vulnerability from cvelistv5
Published
2024-05-14 22:36
Modified
2025-06-24 15:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Version: 10.5.0.0 ≤ 10.5.1.0 Version: 10.4.0.0 ≤ 10.4.1.0 Version: 8.11.0.0 ≤ 8.11.2.1 Version: 8.10.0.0 ≤ 8.10.0.10 Version: 8.6.0.0 ≤ 8.6.0.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:43:20.652798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:01:42.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:22:57.371Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31482",
"datePublished": "2024-05-14T22:36:10.770Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:22:57.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37721 (GCVE-0-2021-37721)
Vulnerability from cvelistv5
Published
2021-09-07 12:35
Modified
2024-08-04 01:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary command execution
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 8.6.0.4-2.2.0.4"
},
{
"status": "affected",
"version": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T11:06:13",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-37721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software",
"version": {
"version_data": [
{
"version_value": "Prior to 8.6.0.4-2.2.0.4"
},
{
"version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-37721",
"datePublished": "2021-09-07T12:35:27",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22776 (GCVE-0-2023-22776)
Vulnerability from cvelistv5
Published
2023-02-28 17:02
Modified
2025-03-07 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:43:31.253007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:43:45.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\u003cbr\u003e"
}
],
"value": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22776",
"datePublished": "2023-02-28T17:02:51.772Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2025-03-07T20:43:45.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2273 (GCVE-0-2008-2273)
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020032",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020032"
},
{
"name": "aruba-tacacs-security-bypass(42434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42434"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-051408.asc"
},
{
"name": "20080515 Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492113/100/0/threaded"
},
{
"name": "29240",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29240"
},
{
"name": "30262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020032",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020032"
},
{
"name": "aruba-tacacs-security-bypass(42434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42434"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/support/alerts/aid-051408.asc"
},
{
"name": "20080515 Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492113/100/0/threaded"
},
{
"name": "29240",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29240"
},
{
"name": "30262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020032",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020032"
},
{
"name": "aruba-tacacs-security-bypass(42434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42434"
},
{
"name": "http://www.arubanetworks.com/support/alerts/aid-051408.asc",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-051408.asc"
},
{
"name": "20080515 Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492113/100/0/threaded"
},
{
"name": "29240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29240"
},
{
"name": "30262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2273",
"datePublished": "2008-05-16T06:54:00",
"dateReserved": "2008-05-16T00:00:00",
"dateUpdated": "2024-08-07T08:58:00.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22760 (GCVE-0-2023-22760)
Vulnerability from cvelistv5
Published
2023-02-28 16:42
Modified
2025-03-12 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central |
Version: ArubaOS 8.6.x.x: 8.6.0.19 and below Version: ArubaOS 8.10.x.x: 8.10.0.4 and below Version: ArubaOS 10.3.x.x: 10.3.1.0 and below Version: SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:05:41.258871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:21:55.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 8.6.x.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nikita Abramov"
}
],
"datePublic": "2023-02-28T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"value": "Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in ArubaOS Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22760",
"datePublished": "2023-02-28T16:42:04.666Z",
"dateReserved": "2023-01-06T15:24:20.505Z",
"dateUpdated": "2025-03-12T16:21:55.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22788 (GCVE-0-2023-22788)
Vulnerability from cvelistv5
Published
2023-05-08 14:08
Modified
2025-01-28 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T20:09:10.095402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T20:09:44.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
}
],
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:08:35.055Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22788",
"datePublished": "2023-05-08T14:08:35.055Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2025-01-28T20:09:44.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45625 (GCVE-0-2023-45625)
Vulnerability from cvelistv5
Published
2023-11-14 22:57
Modified
2024-08-02 20:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:57:42.530Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45625",
"datePublished": "2023-11-14T22:57:42.530Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-08-02T20:21:16.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}