NotCVE - vendor:"Arubanetworks" product:"Arubaos" version:" >= 8.2.1.1

Page 8 of 38 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-5314

https://notcve.org/view.php?id=CVE-2019-5314

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. Algunos componentes web en el software ArubaOS son susceptibles a vulnerabilidades de división de respuesta HTTP (inyección CRLF) y de tipo XSS Reflejado. Un atacante podría ser capaz de lograr esto mediante el envío de determinados parámetros URL que desencadenarían esta vulnerabilidad. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1

CVE-2018-7081

https://notcve.org/view.php?id=CVE-2018-7081

A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2018-7080

https://notcve.org/view.php?id=CVE-2018-7080

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986. • http://www.securityfocus.com/bid/105814 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt •

1...6 7 8