Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Arubaos
(Arubanetworks)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 150 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-45627 | An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | Arubaos, Instantos | 6.5 | ||
| 2024-08-06 | CVE-2024-42398 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | Arubaos, Instantos | 5.3 | ||
| 2024-08-06 | CVE-2024-42400 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | Arubaos, Instantos | 5.3 | ||
| 2024-08-06 | CVE-2024-42393 | There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | Arubaos, Instantos | 9.8 | ||
| 2024-08-06 | CVE-2024-42394 | There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | Arubaos, Instantos | 9.8 | ||
| 2024-08-06 | CVE-2024-42395 | There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | Arubaos, Instantos | 9.8 | ||
| 2020-01-31 | CVE-2016-2031 | Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | Airwave, Aruba_instant, Arubaos, Scalance_w1750d_firmware | 9.8 | ||
| 2021-09-07 | CVE-2019-5318 | A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability. | Arubaos, Scalance_w1750d_firmware | 6.5 | ||
| 2020-01-31 | CVE-2016-2032 | A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 | Airwave_network_management, Aruba_instant, Arubaos | N/A | ||
| 2019-09-13 | CVE-2019-5315 | A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. | Arubaos | N/A |