Total
126 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7299 | 1 Arubanetworks | 1 Arubaos | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session. | |||||
CVE-2013-2290 | 1 Arubanetworks | 1 Arubaos | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID. | |||||
CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2023-12-10 | 10.0 HIGH | N/A |
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | |||||
CVE-2008-7095 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2023-12-10 | 7.8 HIGH | N/A |
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | |||||
CVE-2008-2273 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2009-3836 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2023-12-10 | 6.1 MEDIUM | N/A |
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame. |