CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2023-35974 – Authenticated Remote Command Execution in the ArubaOS Command Line Interface
https://notcve.org/view.php?id=CVE-2023-35974
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2023-35973 – Authenticated Remote Command Execution in the ArubaOS Command Line Interface
https://notcve.org/view.php?id=CVE-2023-35973
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2023-35972 – Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
https://notcve.org/view.php?id=CVE-2023-35972
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-35971 – Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface
https://notcve.org/view.php?id=CVE-2023-35971
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-37911
https://notcve.org/view.php?id=CVE-2022-37911
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. Debido a restricciones inadecuadas sobre entidades XML, existen múltiples vulnerabilidades en la interfaz de línea de comandos de ArubaOS. Una explotación exitosa podría permitir a un atacante autenticado recuperar archivos del sistema local o hacer que la aplicación consuma recursos del sistema, lo que resultaría en una condición de Denegación de Servicio (DoS). • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt • CWE-611: Improper Restriction of XML External Entity Reference •