Filtered by vendor Arubanetworks
Subscriptions
Total
611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23812 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-04-16 | 4.3 Medium |
| A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position. | ||||
| CVE-2024-42503 | 1 Arubanetworks | 1 Arubaos | 2026-04-15 | 7.2 High |
| Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system. | ||||
| CVE-2024-42509 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 9.8 Critical |
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-26305 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2026-04-15 | 9.8 Critical |
| There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-47463 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2025-37130 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 6.5 Medium |
| A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system. | ||||
| CVE-2024-26304 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2026-04-15 | 9.8 Critical |
| There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2025-37122 | 2 Arubanetworks, Hpe | 2 Clearpass Policy Manager, Aruba Networking Clearpass Policy Manager | 2026-04-15 | 6.1 Medium |
| A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in a victim's browser in the context of the affected interface. | ||||
| CVE-2025-37123 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 8.8 High |
| A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system. | ||||
| CVE-2024-42507 | 1 Arubanetworks | 1 Arubaos | 2026-04-15 | 9.8 Critical |
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-47462 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2024-42502 | 1 Arubanetworks | 1 Arubaos | 2026-04-15 | 7.2 High |
| Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system. | ||||
| CVE-2025-37127 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 7.2 High |
| A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems. | ||||
| CVE-2024-47460 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 9 Critical |
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-42506 | 1 Arubanetworks | 1 Arubaos | 2026-04-15 | 9.8 Critical |
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-42501 | 1 Arubanetworks | 1 Arubaos | 2026-04-15 | 7.2 High |
| An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. | ||||
| CVE-2025-37125 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 7.5 High |
| A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly | ||||
| CVE-2025-37126 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 7.2 High |
| A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system. | ||||
| CVE-2025-37129 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 6.7 Medium |
| A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enabled without proper security measures. | ||||
| CVE-2024-47461 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 7.2 High |
| An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. | ||||