CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2021-37731
https://notcve.org/view.php?id=CVE-2021-37731
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de salto de ruta local en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-37725
https://notcve.org/view.php?id=CVE-2021-37725
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de tipo cross-site request forgery (csrf) remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2021-37733
https://notcve.org/view.php?id=CVE-2021-37733
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-37729
https://notcve.org/view.php?id=CVE-2021-37729
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de salto de ruta remota en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.0-2.2.0.4; anteriores a 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2021-37721
https://notcve.org/view.php?id=CVE-2021-37721
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •