Vulnerabilities > Arubanetworks

DATE CVE VULNERABILITY TITLE RISK
2021-03-30 CVE-2021-25148 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below.
network
low complexity
arubanetworks siemens
8.1
2021-03-30 CVE-2021-25145 A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.
low complexity
arubanetworks siemens
6.5
2021-03-29 CVE-2021-25144 Classic Buffer Overflow vulnerability in multiple products
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.
network
low complexity
arubanetworks siemens CWE-120
8.8
2021-03-29 CVE-2021-25143 A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below.
network
low complexity
arubanetworks siemens
7.5
2021-03-29 CVE-2020-24636 OS Command Injection vulnerability in multiple products
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.
network
low complexity
arubanetworks siemens CWE-78
critical
9.8
2021-03-29 CVE-2020-24635 OS Command Injection vulnerability in multiple products
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.
network
low complexity
arubanetworks siemens CWE-78
7.2
2021-03-29 CVE-2019-5317 Improper Authentication vulnerability in multiple products
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.
low complexity
arubanetworks siemens CWE-287
6.8
2021-03-05 CVE-2021-26971 Unspecified vulnerability in Arubanetworks Airwave
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0.
network
low complexity
arubanetworks
6.3
2021-03-05 CVE-2021-26970 OS Command Injection vulnerability in Arubanetworks Airwave
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0.
network
low complexity
arubanetworks CWE-78
6.3
2021-03-05 CVE-2021-26969 XXE vulnerability in Arubanetworks Airwave
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0.
network
low complexity
arubanetworks CWE-611
6.5