CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-23052 – Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface
https://notcve.org/view.php?id=CVE-2025-23052
14 Jan 2025 — Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlyin... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04723en_us&docLocale=en_US •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-23051 – Authenticated Remote Code Execution in AOS Web-based Management Interface
https://notcve.org/view.php?id=CVE-2025-23051
14 Jan 2025 — An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbi... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04723en_us&docLocale=en_US •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47464 – Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files
https://notcve.org/view.php?id=CVE-2024-47464
05 Nov 2024 — An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote unauthorized access to files. Existe una vulnerabilidad de Path Traversal autenticado en Instant AOS-8 y AOS-10. La explotación exitosa de esta vulnerabilidad permite a un atacante copiar archivos arbitrarios a una u... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47463 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47463
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. Existe una vulnerabilidad de creación de archivos arbitrarios en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. La explotación exitosa de esta vulnerabilidad podría permitir que un atacant... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47462 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47462
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. Existe una vulnerabilidad de creación de archivos arbitrarios en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. La explotación exitosa de esta vulnerabilidad podría permitir que un atacant... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47461 – Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
https://notcve.org/view.php?id=CVE-2024-47461
05 Nov 2024 — An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. Una explotación exitosa de esta v... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47460 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-47460
05 Nov 2024 — Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. La vulnerabilidad de inyección de comandos en el servicio CLI subyacente podría provocar la ejecución remota de código no autent... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42509 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42509
05 Nov 2024 — Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. La vulnerabilidad de inyección de comandos en el servicio CLI subyacente podría provocar la ejecución remota de código no autent... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •