Vulnerabilities > Arubanetworks > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-45625 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the command line interface. | 7.2 |
| 2023-11-14 | CVE-2023-45626 | An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | 7.2 |
| 2023-10-25 | CVE-2023-43506 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. | 7.8 |
| 2023-10-25 | CVE-2023-43507 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. | 8.8 |
| 2023-09-05 | CVE-2015-2201 | OS Command Injection vulnerability in multiple products Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | 7.2 |
| 2023-09-05 | CVE-2015-2202 | Improper Input Validation vulnerability in multiple products Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | 7.2 |
| 2023-08-22 | CVE-2023-37424 | Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. | 8.1 |
| 2023-08-22 | CVE-2023-37426 | Use of Hard-coded Credentials vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. | 7.5 |
| 2023-08-22 | CVE-2023-37427 | Unspecified vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. | 7.2 |
| 2023-08-22 | CVE-2023-37428 | Path Traversal vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 7.2 |