Every CVE whose affected-product data names Arubanetworks Sd-wan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (88)
CVE-2020-24634 — CVSS 9.8 (critical): An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP…
CVE-2023-22747 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22748 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22749 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22750 — CVSS 9.8 (critical): There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2023-22751 — CVSS 9.8 (critical): There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2021-37716 — CVSS 9.8 (critical): A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2020-24633 — CVSS 9.8 (critical): There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted…
CVE-2023-22752 — CVSS 9.8 (critical): There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted…
CVE-2022-37897 — CVSS 9.8 (critical): There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets…
CVE-2021-37725 — CVSS 8.1 (high): A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System…
CVE-2023-22753 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22757 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22756 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22755 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2023-22754 — CVSS 8.1 (high): There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code…
CVE-2026-23827 — CVSS 7.5 (high): A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated…
CVE-2026-23825 — CVSS 7.5 (high): Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit…
CVE-2026-23824 — CVSS 7.5 (high): Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit…
CVE-2026-23826 — CVSS 7.5 (high): A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this…
CVE-2026-44862 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2020-24637 — CVSS 7.2 (high): Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this…
CVE-2021-37717 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37718 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37719 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37720 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37721 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2021-37722 — CVSS 7.2 (high): A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software…
CVE-2022-37898 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37899 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37900 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37901 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37902 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2022-37903 — CVSS 7.2 (high): A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web…
CVE-2022-37912 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2026-44854 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44855 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44856 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44857 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44858 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44859 — CVSS 7.2 (high): Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line…
CVE-2026-44860 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44861 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44863 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44864 — CVSS 7.2 (high): SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface…
CVE-2026-44865 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44866 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44867 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44868 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44869 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2026-44870 — CVSS 7.2 (high): Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10…
CVE-2026-44871 — CVSS 7.2 (high): Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10…
CVE-2026-44872 — CVSS 7.2 (high): A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2023-22758 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22759 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22760 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22761 — CVSS 7.2 (high): Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of…
CVE-2023-22762 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22763 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22764 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22765 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22766 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22767 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22768 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22769 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22770 — CVSS 7.2 (high): Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these…
CVE-2023-22773 — CVSS 7.2 (high): Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities…
CVE-2023-22774 — CVSS 7.2 (high): Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities…
CVE-2026-44852 — CVSS 7.2 (high): An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the…
CVE-2026-44853 — CVSS 7.2 (high): Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful…
CVE-2023-22771 — CVSS 6.8 (medium): An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this…
CVE-2022-37904 — CVSS 6.6 (medium): Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot…
CVE-2022-37905 — CVSS 6.6 (medium): Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot…
CVE-2023-22775 — CVSS 6.5 (medium): A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface…
CVE-2022-37906 — CVSS 6.5 (medium): An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability…
CVE-2023-22772 — CVSS 6.5 (medium): An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this…
CVE-2021-37729 — CVSS 6.5 (medium): A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2021-37731 — CVSS 6.2 (medium): A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2022-37908 — CVSS 5.8 (medium): An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can…
CVE-2022-37907 — CVSS 5.8 (medium): A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an…
CVE-2026-44873 — CVSS 5.4 (medium): A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are…
CVE-2022-37909 — CVSS 5.3 (medium): Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The…
CVE-2021-37733 — CVSS 4.9 (medium): A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s)…
CVE-2023-22776 — CVSS 4.9 (medium): An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability…
CVE-2023-22777 — CVSS 4.9 (medium): An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this…
CVE-2023-22778 — CVSS 4.8 (medium): A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site…
CVE-2022-37910 — CVSS 4.4 (medium): A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a…
CVE-2022-37911 — CVSS 3.8 (low): Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit…