Vulnerabilities > Arubanetworks > Arubaos > 6.2.3.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2019-5318 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. | 7.1 |
| 2020-12-11 | CVE-2020-24637 | Unspecified vulnerability in Arubanetworks Arubaos Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. | 9.0 |
| 2020-12-11 | CVE-2020-24634 | Command Injection vulnerability in Arubanetworks Arubaos An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 10.0 |
| 2020-12-11 | CVE-2020-24633 | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 10.0 |
| 2019-09-13 | CVE-2019-5314 | Injection vulnerability in Arubanetworks Arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. | 4.3 |
| 2019-09-13 | CVE-2018-7081 | Improper Input Validation vulnerability in Arubanetworks Arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. | 9.3 |
| 2015-03-24 | CVE-2015-1388 | OS Command Injection vulnerability in Arubanetworks Arubaos The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.2 |