Vulnerabilities > Arubanetworks > Arubaos > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-37906 | Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated path traversal vulnerability exists in the ArubaOS command line interface. | 8.1 |
| 2022-12-12 | CVE-2022-37907 | Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. | 7.5 |
| 2022-12-12 | CVE-2022-37912 | OS Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 8.8 |
| 2022-10-07 | CVE-2022-37893 | OS Command Injection vulnerability in multiple products An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. | 7.8 |
| 2021-09-07 | CVE-2019-5318 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. | 7.1 |
| 2021-09-07 | CVE-2021-37725 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. | 8.8 |
| 2021-09-07 | CVE-2021-37728 | Path Traversal vulnerability in multiple products A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. | 8.5 |
| 2021-09-07 | CVE-2021-37731 | Path Traversal vulnerability in multiple products A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. | 7.2 |
| 2015-03-24 | CVE-2015-1388 | OS Command Injection vulnerability in Arubanetworks Arubaos The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.2 |
| 2014-10-08 | CVE-2014-7299 | Information Disclosure vulnerability in Arubaos 6.3.11/6.4.2.1 Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session. | 7.5 |