Vulnerabilities > Arubanetworks

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2021-25141 A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware.
local
low complexity
arubanetworks hpe
4.4
2021-01-15 CVE-2020-24641 Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information.
network
low complexity
arubanetworks CWE-918
7.5
2021-01-15 CVE-2020-24640 Unspecified vulnerability in Arubanetworks Airwave Glass
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3.
network
low complexity
arubanetworks
critical
9.8
2021-01-15 CVE-2020-24639 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3.
network
low complexity
arubanetworks CWE-502
critical
9.8
2021-01-15 CVE-2020-24638 Unspecified vulnerability in Arubanetworks Airwave Glass
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli.
network
low complexity
arubanetworks
7.2
2020-12-11 CVE-2020-12149 OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input.
network
low complexity
arubanetworks CWE-78
6.8
2020-12-11 CVE-2020-12148 OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance.
network
low complexity
arubanetworks CWE-78
6.8
2020-12-11 CVE-2020-24637 Unspecified vulnerability in Arubanetworks Arubaos
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot.
network
low complexity
arubanetworks
7.2
2020-12-11 CVE-2020-24634 Command Injection vulnerability in Arubanetworks Arubaos
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
network
low complexity
arubanetworks CWE-77
critical
9.8
2020-12-11 CVE-2020-24633 Classic Buffer Overflow vulnerability in Arubanetworks Arubaos
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
network
low complexity
arubanetworks CWE-120
critical
9.8