Filtered by vendor Arubanetworks
Subscribe
Total
551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-37184 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-03-03 | N/A | 9.8 CRITICAL |
|
A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby compromising the integrity of secured access to the system.
|
|||||
| CVE-2025-37169 | 1 Arubanetworks | 1 Arubaos | 2026-02-25 | N/A | 7.2 HIGH |
|
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37161 | 1 Arubanetworks | 1 Arubaos | 2026-02-13 | N/A | 7.5 HIGH |
|
A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations.
|
|||||
| CVE-2025-37162 | 1 Arubanetworks | 1 Arubaos | 2026-02-13 | N/A | 6.5 MEDIUM |
|
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
|
|||||
| CVE-2025-37170 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37171 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37172 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37173 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.
|
|||||
| CVE-2025-37174 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37175 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.
|
|||||
| CVE-2025-37176 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 6.5 MEDIUM |
|
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.
|
|||||
| CVE-2025-37177 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 6.5 MEDIUM |
|
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37178 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 5.3 MEDIUM |
|
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
|
|||||
| CVE-2025-37179 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 5.3 MEDIUM |
|
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
|
|||||
| CVE-2025-37168 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 8.2 HIGH |
|
Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.
|
|||||
| CVE-2025-37181 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 7.2 HIGH |
|
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
|
|||||
| CVE-2025-37182 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 7.2 HIGH |
|
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
|
|||||
| CVE-2025-37183 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 7.2 HIGH |
|
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
|
|||||
| CVE-2025-37185 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 5.5 MEDIUM |
|
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface and thereby make unauthorized arbitrary configuration changes to the host.
|
|||||
| CVE-2025-37163 | 1 Arubanetworks | 1 Airwave | 2025-12-03 | N/A | 7.2 HIGH |
|
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
|
|||||
| CVE-2025-37135 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
|
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37136 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
|
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37137 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
|
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37138 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.2 MEDIUM |
|
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37140 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37141 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37142 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-27085 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
|
|||||
| CVE-2025-27084 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 5.4 MEDIUM |
|
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.
|
|||||
| CVE-2025-27082 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.
|
|||||
| CVE-2025-27083 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37143 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37144 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37145 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37132 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.
|
|||||
| CVE-2025-37133 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37134 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
|
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
|
|||||
| CVE-2024-25616 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 3.7 LOW |
|
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
|
|||||
| CVE-2024-25615 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.3 MEDIUM |
|
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
|
|||||