Vulnerabilities > Arubanetworks > High

DATE | CVE | VULNERABILITY TITLE | RISK

2015-03-24 | CVE-2015-1388 | OS Command Injection vulnerability in Arubanetworks Arubaos | 7.2
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.
local, low complexity, arubanetworks, CWE-78

2015-02-03 | CVE-2015-1348 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arubanetworks Instant Access Point Firmware | 7.8
Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface.
network, low complexity, arubanetworks, CWE-119

2014-11-25 | CVE-2014-8367 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager | 7.5
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, arubanetworks, CWE-89

2014-10-08 | CVE-2014-7299 | Information Disclosure vulnerability in Arubaos 6.3.11/6.4.2.1 | 7.5
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.
network, low complexity, arubanetworks

2009-08-27 | CVE-2008-7095 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Aruba Mobility Controller and Arubaos | 7.8
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
network, low complexity, arubanetworks, CWE-264

2008-12-15 | CVE-2008-5563 | Resource Management Errors vulnerability in multiple products | 7.8
Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.
network, low complexity, aruba-networks, arubanetworks, CWE-399