CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-25149
https://notcve.org/view.php?id=CVE-2021-25149
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de desbordamiento de búfer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-25145
https://notcve.org/view.php?id=CVE-2021-25145
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de divulgación remota de información no autorizada en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.18 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.14 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.10 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.5 y anteriores; Aruba Instant versiones 8.7.x: 8.7.0.0 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad. • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-25144
https://notcve.org/view.php?id=CVE-2021-25144
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de desbordamiento del búfer remoto en algunos productos Aruba Instant Access Point (IAP) en las versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5317
https://notcve.org/view.php?id=CVE-2019-5317
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de omisión de autenticación local en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.18 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.15 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.11 y anteriores; Aruba Instant versiones 8.4.x: 8.4.0.5 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores. Aruba, ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16417
https://notcve.org/view.php?id=CVE-2018-16417
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. Aruba Instant versiones 4.x anteriores a la versión 6.4.4.8-4.2.4.12, versiones 6.5.x anteriores a la versión 6.5.4.11, versiones 8.3.x anteriores a 8.3.0.6 y versiones 8.4.x anteriores a la versión 8.4.0.1, permite una Inyección de Comandos. • http://www.securityfocus.com/bid/108374 https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf https://www.anquanke.com/vul/id/1652568 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt https://www.us-cert.gov/ics/advisories/ICSA-19-134-07 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •