Every CVE whose affected-product data names Arubanetworks Arubaos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2008-7023 — CVSS 10.0 (critical): Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all…
CVE-2024-31473 — CVSS 9.8 (critical): There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code…
CVE-2024-31472 — CVSS 9.8 (critical): There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code…
CVE-2024-31471 — CVSS 9.8 (critical): There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code…
CVE-2024-42393 — CVSS 9.8 (critical): There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack…
CVE-2024-42394 — CVSS 9.8 (critical): There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack…
CVE-2024-42395 — CVSS 9.8 (critical): There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE…
CVE-2024-31470 — CVSS 9.8 (critical): There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to…
CVE-2024-31469 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code…
CVE-2024-31468 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code…
CVE-2024-31467 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending…
CVE-2018-7081 — CVSS 9.8 (critical): A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability…
CVE-2024-31466 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending…
CVE-2023-45616 — CVSS 9.8 (critical): There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution…
CVE-2020-24633 — CVSS 9.8 (critical): There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted…
CVE-2020-24634 — CVSS 9.8 (critical): An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP…
CVE-2023-45615 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending…
CVE-2021-37716 — CVSS 9.8 (critical): A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2023-45614 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending…
CVE-2023-35982 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2023-35981 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2023-35980 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2017-14491 — CVSS 9.8 (critical): Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code…
CVE-2016-2031 — CVSS 9.8 (critical): Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and…
CVE-2023-22747 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2022-37891 — CVSS 9.8 (critical): Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful…
CVE-2022-37897 — CVSS 9.8 (critical): There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets…
CVE-2023-22752 — CVSS 9.8 (critical): There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22751 — CVSS 9.8 (critical): There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22750 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22749 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22748 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2022-37885 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2022-37886 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2022-37887 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2022-37888 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2022-37889 — CVSS 9.8 (critical): There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by…
CVE-2022-37890 — CVSS 9.8 (critical): Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful…
CVE-2008-2273 — CVSS 9.0 (critical): Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote…
CVE-2023-35971 — CVSS 8.8 (high): A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site…
CVE-2025-37168 — CVSS 8.2 (high): Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system…
CVE-2023-45617 — CVSS 8.2 (high): There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol)…
CVE-2023-45618 — CVSS 8.2 (high): There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management…
CVE-2023-45619 — CVSS 8.2 (high): There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol)…
CVE-2024-31474 — CVSS 8.2 (high): There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol)…
CVE-2024-31475 — CVSS 8.2 (high): There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management…
CVE-2023-22754 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22755 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22756 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22757 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2021-37725 — CVSS 8.1 (high): A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System…
CVE-2023-22753 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-38485 — CVSS 8.0 (high): Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to…
CVE-2023-38484 — CVSS 8.0 (high): Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to…
CVE-2008-7095 — CVSS 7.8 (high): The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read…
CVE-2022-37893 — CVSS 7.8 (high): An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful…
CVE-2023-38486 — CVSS 7.7 (high): A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to…
CVE-2023-22787 — CVSS 7.5 (high): An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and…
CVE-2014-7299 — CVSS 7.5 (high): Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers…
CVE-2026-23827 — CVSS 7.5 (high): A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated…
CVE-2026-23826 — CVSS 7.5 (high): A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this…
CVE-2026-23825 — CVSS 7.5 (high): Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit…
CVE-2018-7080 — CVSS 7.5 (high): A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit…
CVE-2023-45620 — CVSS 7.5 (high): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of…
CVE-2023-45621 — CVSS 7.5 (high): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of…
CVE-2023-45623 — CVSS 7.5 (high): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful…
CVE-2023-45622 — CVSS 7.5 (high): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful…
CVE-2023-45624 — CVSS 7.5 (high): An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful…
CVE-2016-2032 — CVSS 7.5 (high): A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system…
CVE-2025-37161 — CVSS 7.5 (high): A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial…
CVE-2026-23824 — CVSS 7.5 (high): Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit…
CVE-2023-22767 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22768 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22769 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22770 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22773 — CVSS 7.2 (high): Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities…
CVE-2023-22774 — CVSS 7.2 (high): Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities…
CVE-2015-1388 — CVSS 7.2 (high): The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote…
CVE-2026-44859 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44858 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44857 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2023-22788 — CVSS 7.2 (high): Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful…
CVE-2023-22789 — CVSS 7.2 (high): Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful…
CVE-2023-22790 — CVSS 7.2 (high): Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful…
CVE-2026-44856 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2021-37723 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8…
CVE-2023-35972 — CVSS 7.2 (high): An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-35973 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-35974 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2021-37722 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37721 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2026-44855 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44854 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2021-37720 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37719 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37718 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37717 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2020-24637 — CVSS 7.2 (high): Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this…
CVE-2019-5315 — CVSS 7.2 (high): A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute…
CVE-2025-37173 — CVSS 7.2 (high): An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8…
CVE-2025-37172 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating…
CVE-2025-37171 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating…
CVE-2023-45625 — CVSS 7.2 (high): Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these…
CVE-2026-44853 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44852 — CVSS 7.2 (high): An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the…
CVE-2024-1356 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2024-25611 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2024-25612 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2024-25613 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2026-44870 — CVSS 7.2 (high): Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10…
CVE-2025-27082 — CVSS 7.2 (high): Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility…
CVE-2025-27083 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management…
CVE-2025-37132 — CVSS 7.2 (high): An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility…
CVE-2025-37133 — CVSS 7.2 (high): An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system…
CVE-2025-37134 — CVSS 7.2 (high): An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system…
CVE-2022-37898 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37900 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37901 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37902 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37903 — CVSS 7.2 (high): A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web…
CVE-2026-44871 — CVSS 7.2 (high): Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10…
CVE-2026-44864 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44863 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44862 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44861 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44860 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2022-37912 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2026-44867 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44868 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44869 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2021-37724 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8…
CVE-2023-22758 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22759 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22760 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22761 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22762 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22763 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22764 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22765 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22766 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2026-44866 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44865 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2022-37899 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2025-37170 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating…
CVE-2025-37169 — CVSS 7.2 (high): A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could…
CVE-2024-31476 — CVSS 7.2 (high): Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these…
CVE-2024-31477 — CVSS 7.2 (high): Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these…
CVE-2025-37175 — CVSS 7.2 (high): Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8…
CVE-2025-37174 — CVSS 7.2 (high): Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10…
CVE-2026-44872 — CVSS 7.2 (high): A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2023-22771 — CVSS 6.8 (medium): An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this…
CVE-2022-37905 — CVSS 6.6 (medium): Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot…
CVE-2022-37904 — CVSS 6.6 (medium): Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot…
CVE-2021-37728 — CVSS 6.5 (medium): A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11…
CVE-2019-5318 — CVSS 6.5 (medium): A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all…
CVE-2021-37729 — CVSS 6.5 (medium): A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2022-37894 — CVSS 6.5 (medium): An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10…
CVE-2022-37906 — CVSS 6.5 (medium): An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability…
CVE-2023-22772 — CVSS 6.5 (medium): An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this…
CVE-2023-22775 — CVSS 6.5 (medium): A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface…
CVE-2023-35975 — CVSS 6.5 (medium): An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability…
CVE-2023-35976 — CVSS 6.5 (medium): Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface…
CVE-2023-35977 — CVSS 6.5 (medium): Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface…
CVE-2025-37135 — CVSS 6.5 (medium): Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor…
CVE-2025-37136 — CVSS 6.5 (medium): Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor…
CVE-2025-37137 — CVSS 6.5 (medium): Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor…
CVE-2025-37162 — CVSS 6.5 (medium): A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command…
CVE-2025-37176 — CVSS 6.5 (medium): A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands…
CVE-2025-37177 — CVSS 6.5 (medium): An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or…
CVE-2021-37731 — CVSS 6.2 (medium): A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2025-37138 — CVSS 6.2 (medium): An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility…
CVE-2019-5314 — CVSS 6.1 (medium): Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would…
CVE-2023-35978 — CVSS 6.1 (medium): A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against…
CVE-2009-3836 — CVSS 6.1 (medium): ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of…
CVE-2022-37896 — CVSS 6.1 (medium): A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected…
CVE-2024-33513 — CVSS 5.9 (medium): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful…
CVE-2022-37907 — CVSS 5.8 (medium): A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an…
CVE-2022-37908 — CVSS 5.8 (medium): An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can…
CVE-2024-25614 — CVSS 5.5 (medium): There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the…
CVE-2023-45626 — CVSS 5.5 (medium): An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary…
CVE-2026-23809 — CVSS 5.4 (medium): A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the…
CVE-2026-44873 — CVSS 5.4 (medium): A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are…
CVE-2023-22791 — CVSS 5.4 (medium): A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN…
CVE-2026-23601 — CVSS 5.4 (medium): A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key…
CVE-2026-23808 — CVSS 5.4 (medium): A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an…
CVE-2022-37892 — CVSS 5.4 (medium): A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a…
CVE-2025-27084 — CVSS 5.4 (medium): A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a…
CVE-2024-33517 — CVSS 5.3 (medium): An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol…
CVE-2024-33516 — CVSS 5.3 (medium): An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS…
CVE-2024-33515 — CVSS 5.3 (medium): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful…
CVE-2024-33514 — CVSS 5.3 (medium): Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful…
CVE-2024-31482 — CVSS 5.3 (medium): An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful…
CVE-2024-31481 — CVSS 5.3 (medium): Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of…
CVE-2024-31480 — CVSS 5.3 (medium): Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of…
CVE-2024-31479 — CVSS 5.3 (medium): Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol…
CVE-2025-37178 — CVSS 5.3 (medium): Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to…
CVE-2025-37179 — CVSS 5.3 (medium): Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to…
CVE-2024-31478 — CVSS 5.3 (medium): Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful…
CVE-2024-25615 — CVSS 5.3 (medium): An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x…
CVE-2023-35979 — CVSS 5.3 (medium): There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful…