Page 2 of 103 results (0.007 seconds)

CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt • CWE-613: Insufficient Session Expiration •

CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •