CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-37886
https://notcve.org/view.php?id=CVE-2022-37886
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. Se presentan vulnerabilidades de desbordamiento de búfer en múltiples servicios subyacentes que podrían conllevar a una ejecución de código remota no autenticado mediante el envío de paquetes especialmente diseñados destinados al puerto UDP de PAPI (protocolo de administración de AP de Aruba Networks) (8211). Una explotación con éxito de estas vulnerabilidades resulta en la capacidad de ejecutar código arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InstantOS que abordan estas vulnerabilidades de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-37888
https://notcve.org/view.php?id=CVE-2022-37888
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. Se presentan vulnerabilidades de desbordamiento de búfer en múltiples servicios subyacentes que podrían conllevar a una ejecución de código remoto no autenticado mediante el envío de paquetes especialmente diseñados destinados al puerto UDP de PAPI (protocolo de gestión de AP de Aruba Networks) (8211). Una explotación con éxito de estas vulnerabilidades resulta en la capacidad de ejecutar código arbitrario como un usuario privilegiado en el sistema operativo subyacente de Aruba InstantOS versiones 6.4.x: 6.4.4.8-4.2.4.20 y anteriores; Aruba InstantOS 6.5.x: 6.5.4.23 y anteriores; Aruba InstantOS 8. 6.x: 8.6.0.18 y anteriores; Aruba InstantOS 8.7.x: 8.7.1.9 y anteriores; Aruba InstantOS 8.10.x: 8.10.0.1 y anteriores; ArubaOS 10.3.x: 10.3.1.0 y anteriores; Aruba ha publicado actualizaciones para Aruba InnstantOS que abordan estas vulnerabilidades de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2021-37731
https://notcve.org/view.php?id=CVE-2021-37731
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de salto de ruta local en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-37725
https://notcve.org/view.php?id=CVE-2021-37725
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de tipo cross-site request forgery (csrf) remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2021-37733
https://notcve.org/view.php?id=CVE-2021-37733
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •