CVE-2020-24632
https://notcve.org/view.php?id=CVE-2020-24632
A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •
CVE-2020-24631
https://notcve.org/view.php?id=CVE-2020-24631
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Se detectó una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba Airwave Software versión(es): Anteriores a 1.3.2 • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us •
CVE-2019-5326
https://notcve.org/view.php?id=CVE-2019-5326
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. Un usuario de aplicación administrativa o un usuario de aplicación con acceso de escritura en Aruba Airwave VisualRF es capaz de obtener una ejecución de código en la plataforma AMP. Esto es posible debido a la capacidad de sobrescribir un archivo en el disco que posteriormente es deserializado por el componente de aplicación Java. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt • CWE-502: Deserialization of Untrusted Data •
CVE-2019-5323
https://notcve.org/view.php?id=CVE-2019-5323
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. Se presentan vulnerabilidades de inyección de comando presentes en la aplicación Airwave. Determinados campos de entrada controlados por un usuario administrativo no son saneados apropiadamente antes de ser analizados por Airwave. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-2031 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2016-2031
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. Se presentan múltiples vulnerabilidades en Aruba Instate versiones anteriores a 4.1.3.0 y 4.2.3.1, debido a una comprobación insuficiente de la entrada suministrada por el usuario y una comprobación insuficiente de los parámetros, lo que podría permitir a un usuario malicioso omitir las restricciones de seguridad, obtener información confidencial, llevar a cabo acciones no autorizadas y ejecutar código arbitrario. Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html http://seclists.org/fulldisclosure/2016/May/19 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf https://www.securityfocus.com/bid/90207 • CWE-20: Improper Input Validation •