Vulnerabilities > Arubanetworks > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-24 | CVE-2015-1388 | OS Command Injection vulnerability in Arubanetworks Arubaos The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.2 |
2015-02-03 | CVE-2015-1348 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arubanetworks Instant Access Point Firmware Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. | 7.8 |
2014-11-25 | CVE-2014-8367 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-10-08 | CVE-2014-7299 | Information Disclosure vulnerability in Arubaos 6.3.11/6.4.2.1 Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session. | 7.5 |
2009-08-27 | CVE-2008-7095 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Aruba Mobility Controller and Arubaos The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | 7.8 |
2008-12-15 | CVE-2008-5563 | Resource Management Errors vulnerability in multiple products Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame. | 7.8 |