📦 Arubaos
by Arubanetworks
🔍 What is Arubaos?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability in the Soft AP Daemon Service allows unauthenticated remote attackers to execute arbitrary commands on affected systems, leading to complete system compromise. It affects HPE Aruba ...
This critical vulnerability in Aruba access points allows unauthenticated attackers to execute arbitrary commands with root privileges by sending malicious packets to port 8211. It affects ArubaOS 10 ...
CVE-2024-31469 is a critical buffer overflow vulnerability in Aruba's Central Communications service that allows unauthenticated attackers to execute arbitrary code with privileged access by sending m...
CVE-2024-31471 is a critical command injection vulnerability in Aruba's Central Communications service that allows unauthenticated attackers to execute arbitrary code with privileged access by sending...
This critical vulnerability allows unauthenticated attackers to execute arbitrary code with privileged access on Aruba access points by sending specially crafted packets to UDP port 8211. It affects A...
CVE-2024-31466 is a critical buffer overflow vulnerability in Aruba's Access Point management protocol (PAPI) that allows unauthenticated attackers to execute arbitrary code with privileged access by ...
This critical vulnerability allows unauthenticated attackers to execute arbitrary code with privileged access on Aruba access points by sending specially crafted packets to UDP port 8211. It affects A...
This CVE describes a critical buffer overflow vulnerability in Aruba's AirWave client service that allows unauthenticated attackers to execute arbitrary code with privileged access by sending speciall...
This critical vulnerability allows unauthenticated attackers to execute arbitrary code with privileged access on Aruba access points by sending specially crafted packets to UDP port 8211. It affects A...
This critical vulnerability allows unauthenticated attackers to execute arbitrary code with privileged access on Aruba access points by sending specially crafted packets to UDP port 8211. It affects A...
CVE-2023-22747 allows unauthenticated attackers to execute arbitrary commands on Aruba access points by sending malicious packets to UDP port 8211. This enables remote code execution with privileged s...
CVE-2023-22749 allows unauthenticated attackers to execute arbitrary commands on Aruba access points by sending malicious packets to the PAPI UDP port 8211. This affects ArubaOS and Aruba InstantOS ac...
CVE-2023-22751 is a critical stack-based buffer overflow vulnerability in Aruba Networks' PAPI protocol that allows unauthenticated attackers to execute arbitrary code with privileged access on affect...
A remote buffer overflow vulnerability in Aruba SD-WAN Software and Gateways allows attackers to execute arbitrary code or cause denial of service. Affected systems include ArubaOS versions prior to s...
CVE-2020-24634 is a critical command injection vulnerability in Aruba networking devices that allows remote attackers to execute arbitrary commands by sending specially crafted packets to the PAPI UDP...
Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary commands with privileged system access. This affe...
Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow authenticated attackers to execute arbitrary commands with privileged user permissions. This affects or...
An authenticated attacker with valid credentials can exploit improper input handling in the web management interface of Aruba mobility conductors running AOS-10 or AOS-8 to trigger unintended system b...
This vulnerability allows authenticated attackers to write arbitrary files on mobility conductors running AOS-10 or AOS-8, potentially leading to remote code execution as a privileged user. It affects...
This vulnerability allows authenticated attackers to upload arbitrary files to mobility conductors running AOS-10 or AOS-8 operating systems. Successful exploitation could lead to remote code executio...
An arbitrary file deletion vulnerability in Aruba mobility conductors running AOS-8 allows unauthenticated remote attackers to delete files on affected systems. This could lead to denial-of-service co...
A stack overflow vulnerability in the AOS-10 web management interface of HPE Mobility Gateway allows authenticated attackers to execute arbitrary code with privileged system access. This affects organ...
Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying op...
An unauthenticated remote denial-of-service vulnerability in HPE web management interfaces allows attackers to crash affected systems, requiring manual intervention to restore service. This affects HP...
An authenticated command injection vulnerability in the CLI binary of AOS-8 Controller/Mobility Conductor allows attackers with valid credentials to execute arbitrary commands with privileged system a...
An authenticated attacker can upload arbitrary files to the web management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor systems, potentially leading to remote command execution. This...
An authenticated command injection vulnerability in the CLI binary of AOS-8 Controller/Mobility Conductor allows authenticated attackers to execute arbitrary commands as privileged users on the underl...
This CVE describes authenticated command injection vulnerabilities in HPE Aruba Networking products that allow attackers with CLI access to execute arbitrary commands as privileged users on the underl...
This vulnerability allows attackers to delete arbitrary files on Aruba Access Points through the Central Communications service via PAPI. Successful exploitation can disrupt operations and compromise ...
Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying operating system. This affects...
Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying operating system. This affects...
An unauthenticated Denial-of-Service vulnerability in the soft AP daemon accessed via PAPI protocol allows attackers to disrupt affected access points without authentication. This affects Aruba access...
Unauthenticated attackers can cause denial-of-service conditions in Aruba access points by exploiting vulnerabilities in the CLI service accessed via PAPI protocol. This affects Aruba access points wi...
Unauthenticated attackers can exploit vulnerabilities in the BLE daemon service via the PAPI protocol to cause Denial-of-Service (DoS) on affected Aruba access points. This disrupts normal wireless ne...
This vulnerability in Aruba's AirWave client service allows attackers to delete arbitrary files on the operating system via the PAPI protocol. This could disrupt normal operations and compromise syste...
This vulnerability allows attackers to execute arbitrary code during the early boot sequence of Aruba 9200 and 9000 Series Controllers and Gateways. Successful exploitation could lead to complete syst...
This vulnerability allows attackers to bypass secure boot protections on Aruba 9200 and 9000 Series Controllers and Gateways, enabling execution of arbitrary unsigned kernel images. Affected organizat...
This stored cross-site scripting vulnerability in ArubaOS web management interface allows unauthenticated attackers to inject malicious scripts that execute in victims' browsers. Anyone using the vuln...
Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying OS. This affects Aruba network...
An unauthenticated Denial of Service vulnerability in Aruba's PAPI protocol allows attackers to disrupt affected access points without credentials. This affects Aruba InstantOS and ArubaOS 10 systems,...
This CVE describes authenticated command injection vulnerabilities in Aruba InstantOS and ArubaOS 10 command line interfaces. Attackers with authenticated access can execute arbitrary commands as priv...
This CVE describes an authenticated path traversal vulnerability in ArubaOS command line interface that allows authenticated attackers to delete arbitrary files on the underlying operating system. It ...
This CVE describes buffer overflow vulnerabilities in Aruba networking devices that allow unauthenticated attackers to execute arbitrary code with privileged permissions via specially crafted PAPI pro...
CVE-2023-22759 is an authenticated remote command injection vulnerability in ArubaOS web management interfaces. It allows authenticated attackers to execute arbitrary commands as privileged users, lea...
CVE-2023-22761 allows authenticated attackers to execute arbitrary commands as privileged users on ArubaOS devices through the web management interface. This results in complete compromise of the unde...
This CVE describes authenticated command injection vulnerabilities in ArubaOS command line interface that allow attackers to execute arbitrary commands as privileged users on the underlying operating ...
Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying OS. This affects Aruba network...
CVE-2023-22767 allows authenticated attackers to execute arbitrary commands with privileged access on ArubaOS devices through command injection in the CLI. This affects network administrators and orga...
This CVE describes authenticated command injection vulnerabilities in ArubaOS command line interface. Attackers with valid credentials can execute arbitrary commands as privileged users on the underly...
CVE-2023-22753 is a critical buffer overflow vulnerability in Aruba networking devices that allows unauthenticated attackers to execute arbitrary code with privileged system access via specially craft...
This CVE describes buffer overflow vulnerabilities in Aruba networking devices that allow unauthenticated attackers to execute arbitrary code with privileged system access via specially crafted PAPI p...
This CVE allows remote attackers to execute arbitrary commands on affected Aruba SD-WAN and gateway devices. The vulnerability stems from improper neutralization of special elements used in a command ...
This CVE allows remote attackers to execute arbitrary commands on Aruba SD-WAN and gateway devices running vulnerable ArubaOS versions. Attackers can potentially take full control of affected systems ...
This CVE allows remote attackers to execute arbitrary commands on Aruba SD-WAN and gateway devices through improper neutralization of special elements used in a command. Affected organizations include...
This CVE allows remote attackers to execute arbitrary commands on ArubaOS network devices without authentication. It affects ArubaOS versions prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, and 8.3.0.16. Network...
Multiple out-of-bounds read vulnerabilities in a system component that handles data buffers. Insufficient validation of buffer size values allows reading beyond intended memory regions, potentially ca...
A command injection vulnerability in AOS-8 allows authenticated privileged users to inject shell commands by manipulating package headers. This could enable malicious actors to execute arbitrary comma...
An arbitrary file deletion vulnerability in the command-line interface of Aruba mobility conductors running AOS-10 or AOS-8 allows authenticated remote attackers to delete any files on the system. Thi...
This CVE describes multiple out-of-bounds read vulnerabilities in a system component that handles data buffers. Insufficient validation of buffer size values allows reading beyond intended memory regi...
This vulnerability allows authenticated remote attackers to inject malicious commands through the device's command line interface, potentially executing arbitrary operating system commands. It affects...
This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems via the CLI binary. Organizations using these Aruba network...
An authenticated attacker can download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through the web management interface. This affects organizations using these Aruba...
This vulnerability allows authenticated attackers to download arbitrary files from affected Aruba networking devices through path traversal attacks. It affects AOS-10 Gateway and AOS-8 Controller/Mobi...
This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through a low-level interface library. It affects organizat...
This vulnerability allows authenticated remote attackers to delete arbitrary files on Aruba AOS-8 Controller/Mobility Conductor systems via the command-line interface. This affects organizations using...
This vulnerability allows authenticated remote attackers to delete arbitrary files on Aruba AOS-8 Controller/Mobility Conductor systems through the command-line interface. This affects organizations u...
An authenticated command injection vulnerability in AOS-10 GW and AOS-8 Controllers/Mobility Conductor allows attackers with physical access to execute arbitrary commands as privileged users. This aff...
This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through the CLI binary. It affects organizations using thes...
This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems via CLI binary exploits. It affects organizations using the...
Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Attackers can exploit these vulnerabilities to disrupt normal Access Point operat...
Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation allows attackers to disrupt normal Access Point operation...
An authenticated sensitive information disclosure vulnerability in the CLI service accessed via PAPI protocol allows attackers to read arbitrary files on the underlying operating system. This affects ...
Unauthenticated attackers can cause Denial of Service (DoS) by exploiting vulnerabilities in the CLI service accessed via the PAPI protocol in Aruba/HPE networking products. This allows interruption o...
Unauthenticated attackers can cause Denial of Service (DoS) in Aruba Central Communications service via PAPI protocol, disrupting normal operations. This affects Aruba Central and Mobility Conductor d...
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol in ArubaOS. This allows attackers to disrupt controller operations without requiring ...
An unauthenticated Denial-of-Service vulnerability in Aruba's Radio Frequency Manager service allows attackers to disrupt service operation via the PAPI protocol. This affects Aruba networking product...
Unauthenticated attackers can cause Denial-of-Service (DoS) in Aruba's AP Management service via the PAPI protocol, disrupting network operations. This affects Aruba wireless access point management s...