Aruba Networks Arubaos

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Aruba Networks Arubaos.

By the Year

In 2025 there have been 0 vulnerabilities in Aruba Networks Arubaos. Last year, in 2024 Arubaos had 37 security vulnerabilities published. Right now, Arubaos is on track to have less security vulnerabilities in 2025 than it did last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	37	8.15
2023	42	8.28
2022	27	7.77
2021	14	7.14
2020	1	9.80
2019	3	7.70
2018	1	7.50

It may take a day or so for new Arubaos vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Aruba Networks Arubaos Security Vulnerabilities

Unauth DoS in Soft AP Daemon via PAPI Prevents AP Functionality
CVE-2024-42400 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Soft AP daemon PAPI DoS: Unauthenticated exploitation
CVE-2024-42399 5.3 - Medium - August 06, 2024

Unauthenticated DoS via Soft AP PAPI Exploit
CVE-2024-42398 5.3 - Medium - August 06, 2024

CVE-2024-42395: AP Cert Mgmt Service Unauth RCE
CVE-2024-42395 9.8 - Critical - August 06, 2024

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

Unauth RCE via Soft AP Daemon Service
CVE-2024-42394 9.8 - Critical - August 06, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

Unauthenticated RCE in Soft AP Daemon Service (CVE-2024-42393)
CVE-2024-42393 9.8 - Critical - August 06, 2024

Memory Corruption

CVE-2024-31483: Authenticated Info Leak via CLI PAPI Service allowing OS file read
CVE-2024-31483 6.5 - Medium - May 14, 2024

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.

ArubaAP CLI Buffer Overflow Enables Unauth RCE via PAPI UDP
CVE-2024-31467 9.8 - Critical - May 14, 2024

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

BF in Aruba Central Comm svc -> unauth RCE via PAPI UDP 8211
CVE-2024-31468 9.8 - Critical - May 14, 2024

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Buffer Overflow in Aruba Central Comm Service (PAPI) UDP 8211 -> RCE
CVE-2024-31469 9.8 - Critical - May 14, 2024

Aruba AP SAE Buffer Overflow Enables RCE via PAPI UDP
CVE-2024-31470 9.8 - Critical - May 14, 2024

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVE-2024-31471 Aruba Central Comm PAPI UDP Command Injection
CVE-2024-31471 9.8 - Critical - May 14, 2024

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Aruba Soft AP Daemon: UDP 8211 CoI Exploits PAPI (CVE-2024-31472)
CVE-2024-31472 9.8 - Critical - May 14, 2024

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Command injection in Aruba Access Point PAPI UDP 8211 enabling RCE
CVE-2024-31473 9.8 - Critical - May 14, 2024

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Aruba AP CLI Arbitrary File Deletion via PAPI
CVE-2024-31474 8.2 - High - May 14, 2024

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point

Aruba Central Comms: Arbitrary File Delete via PAPI
CVE-2024-31475 8.2 - High - May 14, 2024

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.

Authenticated CLI Command Injection Resulting in Privileged OS Code Execution
CVE-2024-31476 8.8 - High - May 14, 2024

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Unknown Authenticated CLI Command Injection Enabling Privileged OS Cmd Exec
CVE-2024-31477 8.8 - High - May 14, 2024

Soft AP Daemon Unauthenticated DoS via PAPI
CVE-2024-31478 7.5 - High - May 14, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.

Unauthenticated DoS in Central Communications Service via PAPI
CVE-2024-31479 7.5 - High - May 14, 2024

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

Unauthenticated CLI DoS via PAPI Protocol
CVE-2024-31480 7.5 - High - May 14, 2024

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

Unauthenticated DoS via PAPI CLI Service
CVE-2024-31481 7.5 - High - May 14, 2024

Unauthenticated DoS via ANSI Escape in PAPI Service
CVE-2024-31482 7.5 - High - May 14, 2024

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.

Aruba AP PAPI Buffer Overflow RCE
CVE-2024-31466 9.8 - Critical - May 14, 2024

Unauth DoS in AP Mngmt Service via PAPI Protocol
CVE-2024-33513 - May 01, 2024

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.

Unauthenticated DoS in AP Management Service via PAPI
CVE-2024-33514 7.5 - High - May 01, 2024

CVE-2024-33515: Unauth DoS in AP Management via PAPI
CVE-2024-33515 7.5 - High - May 01, 2024

ArubaOS Auth Service PAPI DoS via Unauthenticated Request
CVE-2024-33516 7.5 - High - May 01, 2024

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller.

Unauthenticated DoS in Radio Frequency Manager (PAPI)
CVE-2024-33517 7.5 - High - May 01, 2024

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.

Unauthenticated DoS in Radio Frequency Manager via PAPI
CVE-2024-33518 - May 01, 2024

ArubaOS CLI Command Injection enables Privileged OS Cmd Exec
CVE-2024-1356 - March 05, 2024

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

ArubaOS IKE_AUTH config leads to partial info disclosure
CVE-2024-25616 3.7 - Low - March 05, 2024

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

Unauthenticated DoS via Spectrum PAPI in ArubaOS 8.x
CVE-2024-25615 - March 05, 2024

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.

ArubaOS CLI Arbitrary File Delete (CVE-2024-25614)
CVE-2024-25614 9.1 - Critical - March 05, 2024

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.

ArubaOS CLI Authenticated CMD Injection Enables Privileged OS Exec
CVE-2024-25613 - March 05, 2024

CVE-2024-25612 ArubaOS CLI Authenticated Cmd Injection Privileged Exec
CVE-2024-25612 - March 05, 2024

ArubaOS CLI Auth Cmd Injection Privileged OS Exec
CVE-2024-25611 - March 05, 2024

Authenticated Persistent Privileged Code Execution Across Reboot
CVE-2023-45626 7.2 - High - November 14, 2023

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

Auth CLI Cmd Injection Privileged OS Exec
CVE-2023-45625 7.2 - High - November 14, 2023

Command Injection

CVE-2023-45615: Unauth RCE via PAPI UDP 8211 on Aruba APs
CVE-2023-45615 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba PAPI CLI Buffer Overflow Unauth RCE (CVE-2023-45614)
CVE-2023-45614 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba AP RSSI Service via PAPI Enables Arbitrary File Deletion
CVE-2023-45619 8.2 - High - November 14, 2023

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

Aruba AirWave PAPI Client: Arbitrary File Delete via PAPI
CVE-2023-45618 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

Aruba AP CLI service permits arbitrary file deletion via PAPI
CVE-2023-45617 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

Unauthenticated DoS in Soft AP Daemon via PAPI Protocol
CVE-2023-45624 7.5 - High - November 14, 2023

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Authenticated CLI DoS in WiFi Access Point
CVE-2023-45627 6.5 - Medium - November 14, 2023

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Unauthenticated DoS via PAPI CLI on Cisco Access Points
CVE-2023-45620 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated CLI DoS via PAPI on Access Point
CVE-2023-45621 7.5 - High - November 14, 2023

Unauthenticated DoS via Wi-Fi Uplink PAPI on Cisco Wireless Controller
CVE-2023-45623 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Buffer Overflow in Aruba AirWave Client allows UAC RCE via PAPI UDP
CVE-2023-45616 9.8 - Critical - November 14, 2023

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Aruba Networks Arubaos or by Aruba Networks? Click the Watch button to subscribe.

Aruba Networks
Vendor

Aruba Networks Arubaos
Product

Aruba Networks Arubaos

Don't miss out!

By the Year

Recent Aruba Networks Arubaos Security Vulnerabilities

Unauth DoS in Soft AP Daemon via PAPI Prevents AP Functionality CVE-2024-42400 5.3 - Medium - August 06, 2024

Soft AP daemon PAPI DoS: Unauthenticated exploitation CVE-2024-42399 5.3 - Medium - August 06, 2024

Unauthenticated DoS via Soft AP PAPI Exploit CVE-2024-42398 5.3 - Medium - August 06, 2024

CVE-2024-42395: AP Cert Mgmt Service Unauth RCE CVE-2024-42395 9.8 - Critical - August 06, 2024

Unauth RCE via Soft AP Daemon Service CVE-2024-42394 9.8 - Critical - August 06, 2024

Unauthenticated RCE in Soft AP Daemon Service (CVE-2024-42393) CVE-2024-42393 9.8 - Critical - August 06, 2024

CVE-2024-31483: Authenticated Info Leak via CLI PAPI Service allowing OS file read CVE-2024-31483 6.5 - Medium - May 14, 2024

ArubaAP CLI Buffer Overflow Enables Unauth RCE via PAPI UDP CVE-2024-31467 9.8 - Critical - May 14, 2024

BF in Aruba Central Comm svc -> unauth RCE via PAPI UDP 8211 CVE-2024-31468 9.8 - Critical - May 14, 2024

Buffer Overflow in Aruba Central Comm Service (PAPI) UDP 8211 -> RCE CVE-2024-31469 9.8 - Critical - May 14, 2024

Aruba AP SAE Buffer Overflow Enables RCE via PAPI UDP CVE-2024-31470 9.8 - Critical - May 14, 2024

CVE-2024-31471 Aruba Central Comm PAPI UDP Command Injection CVE-2024-31471 9.8 - Critical - May 14, 2024

Aruba Soft AP Daemon: UDP 8211 CoI Exploits PAPI (CVE-2024-31472) CVE-2024-31472 9.8 - Critical - May 14, 2024

Command injection in Aruba Access Point PAPI UDP 8211 enabling RCE CVE-2024-31473 9.8 - Critical - May 14, 2024

Aruba AP CLI Arbitrary File Deletion via PAPI CVE-2024-31474 8.2 - High - May 14, 2024

Aruba Central Comms: Arbitrary File Delete via PAPI CVE-2024-31475 8.2 - High - May 14, 2024

Authenticated CLI Command Injection Resulting in Privileged OS Code Execution CVE-2024-31476 8.8 - High - May 14, 2024

Unknown Authenticated CLI Command Injection Enabling Privileged OS Cmd Exec CVE-2024-31477 8.8 - High - May 14, 2024

Soft AP Daemon Unauthenticated DoS via PAPI CVE-2024-31478 7.5 - High - May 14, 2024

Unauthenticated DoS in Central Communications Service via PAPI CVE-2024-31479 7.5 - High - May 14, 2024

Unauthenticated CLI DoS via PAPI Protocol CVE-2024-31480 7.5 - High - May 14, 2024

Unauthenticated DoS via PAPI CLI Service CVE-2024-31481 7.5 - High - May 14, 2024

Unauthenticated DoS via ANSI Escape in PAPI Service CVE-2024-31482 7.5 - High - May 14, 2024

Aruba AP PAPI Buffer Overflow RCE CVE-2024-31466 9.8 - Critical - May 14, 2024

Unauth DoS in AP Mngmt Service via PAPI Protocol CVE-2024-33513 - May 01, 2024

Unauthenticated DoS in AP Management Service via PAPI CVE-2024-33514 7.5 - High - May 01, 2024

CVE-2024-33515: Unauth DoS in AP Management via PAPI CVE-2024-33515 7.5 - High - May 01, 2024

ArubaOS Auth Service PAPI DoS via Unauthenticated Request CVE-2024-33516 7.5 - High - May 01, 2024

Unauthenticated DoS in Radio Frequency Manager (PAPI) CVE-2024-33517 7.5 - High - May 01, 2024

Unauthenticated DoS in Radio Frequency Manager via PAPI CVE-2024-33518 - May 01, 2024

ArubaOS CLI Command Injection enables Privileged OS Cmd Exec CVE-2024-1356 - March 05, 2024

ArubaOS IKE_AUTH config leads to partial info disclosure CVE-2024-25616 3.7 - Low - March 05, 2024

Unauthenticated DoS via Spectrum PAPI in ArubaOS 8.x CVE-2024-25615 - March 05, 2024

ArubaOS CLI Arbitrary File Delete (CVE-2024-25614) CVE-2024-25614 9.1 - Critical - March 05, 2024

ArubaOS CLI Authenticated CMD Injection Enables Privileged OS Exec CVE-2024-25613 - March 05, 2024

CVE-2024-25612 ArubaOS CLI Authenticated Cmd Injection Privileged Exec CVE-2024-25612 - March 05, 2024

ArubaOS CLI Auth Cmd Injection Privileged OS Exec CVE-2024-25611 - March 05, 2024

Authenticated Persistent Privileged Code Execution Across Reboot CVE-2023-45626 7.2 - High - November 14, 2023

Auth CLI Cmd Injection Privileged OS Exec CVE-2023-45625 7.2 - High - November 14, 2023

CVE-2023-45615: Unauth RCE via PAPI UDP 8211 on Aruba APs CVE-2023-45615 9.8 - Critical - November 14, 2023

Aruba PAPI CLI Buffer Overflow Unauth RCE (CVE-2023-45614) CVE-2023-45614 9.8 - Critical - November 14, 2023

Aruba AP RSSI Service via PAPI Enables Arbitrary File Deletion CVE-2023-45619 8.2 - High - November 14, 2023

Aruba AirWave PAPI Client: Arbitrary File Delete via PAPI CVE-2023-45618 8.2 - High - November 14, 2023

Aruba AP CLI service permits arbitrary file deletion via PAPI CVE-2023-45617 8.2 - High - November 14, 2023

Unauthenticated DoS in Soft AP Daemon via PAPI Protocol CVE-2023-45624 7.5 - High - November 14, 2023

Authenticated CLI DoS in WiFi Access Point CVE-2023-45627 6.5 - Medium - November 14, 2023

Unauthenticated DoS via PAPI CLI on Cisco Access Points CVE-2023-45620 7.5 - High - November 14, 2023

Unauthenticated CLI DoS via PAPI on Access Point CVE-2023-45621 7.5 - High - November 14, 2023

Unauthenticated DoS via Wi-Fi Uplink PAPI on Cisco Wireless Controller CVE-2023-45623 7.5 - High - November 14, 2023

Buffer Overflow in Aruba AirWave Client allows UAC RCE via PAPI UDP CVE-2023-45616 9.8 - Critical - November 14, 2023

Stay on top of Security Vulnerabilities

Aruba Networks Vendor

Aruba Networks ArubaosProduct

Unauth DoS in Soft AP Daemon via PAPI Prevents AP Functionality
CVE-2024-42400 5.3 - Medium - August 06, 2024

Soft AP daemon PAPI DoS: Unauthenticated exploitation
CVE-2024-42399 5.3 - Medium - August 06, 2024

Unauthenticated DoS via Soft AP PAPI Exploit
CVE-2024-42398 5.3 - Medium - August 06, 2024

CVE-2024-42395: AP Cert Mgmt Service Unauth RCE
CVE-2024-42395 9.8 - Critical - August 06, 2024

Unauth RCE via Soft AP Daemon Service
CVE-2024-42394 9.8 - Critical - August 06, 2024

Unauthenticated RCE in Soft AP Daemon Service (CVE-2024-42393)
CVE-2024-42393 9.8 - Critical - August 06, 2024

CVE-2024-31483: Authenticated Info Leak via CLI PAPI Service allowing OS file read
CVE-2024-31483 6.5 - Medium - May 14, 2024

ArubaAP CLI Buffer Overflow Enables Unauth RCE via PAPI UDP
CVE-2024-31467 9.8 - Critical - May 14, 2024

BF in Aruba Central Comm svc -> unauth RCE via PAPI UDP 8211
CVE-2024-31468 9.8 - Critical - May 14, 2024

Buffer Overflow in Aruba Central Comm Service (PAPI) UDP 8211 -> RCE
CVE-2024-31469 9.8 - Critical - May 14, 2024

Aruba AP SAE Buffer Overflow Enables RCE via PAPI UDP
CVE-2024-31470 9.8 - Critical - May 14, 2024

CVE-2024-31471 Aruba Central Comm PAPI UDP Command Injection
CVE-2024-31471 9.8 - Critical - May 14, 2024

Aruba Soft AP Daemon: UDP 8211 CoI Exploits PAPI (CVE-2024-31472)
CVE-2024-31472 9.8 - Critical - May 14, 2024

Command injection in Aruba Access Point PAPI UDP 8211 enabling RCE
CVE-2024-31473 9.8 - Critical - May 14, 2024

Aruba AP CLI Arbitrary File Deletion via PAPI
CVE-2024-31474 8.2 - High - May 14, 2024

Aruba Central Comms: Arbitrary File Delete via PAPI
CVE-2024-31475 8.2 - High - May 14, 2024

Authenticated CLI Command Injection Resulting in Privileged OS Code Execution
CVE-2024-31476 8.8 - High - May 14, 2024

Unknown Authenticated CLI Command Injection Enabling Privileged OS Cmd Exec
CVE-2024-31477 8.8 - High - May 14, 2024

Soft AP Daemon Unauthenticated DoS via PAPI
CVE-2024-31478 7.5 - High - May 14, 2024

Unauthenticated DoS in Central Communications Service via PAPI
CVE-2024-31479 7.5 - High - May 14, 2024

Unauthenticated CLI DoS via PAPI Protocol
CVE-2024-31480 7.5 - High - May 14, 2024

Unauthenticated DoS via PAPI CLI Service
CVE-2024-31481 7.5 - High - May 14, 2024

Unauthenticated DoS via ANSI Escape in PAPI Service
CVE-2024-31482 7.5 - High - May 14, 2024

Aruba AP PAPI Buffer Overflow RCE
CVE-2024-31466 9.8 - Critical - May 14, 2024

Unauth DoS in AP Mngmt Service via PAPI Protocol
CVE-2024-33513 - May 01, 2024

Unauthenticated DoS in AP Management Service via PAPI
CVE-2024-33514 7.5 - High - May 01, 2024

CVE-2024-33515: Unauth DoS in AP Management via PAPI
CVE-2024-33515 7.5 - High - May 01, 2024

ArubaOS Auth Service PAPI DoS via Unauthenticated Request
CVE-2024-33516 7.5 - High - May 01, 2024

Unauthenticated DoS in Radio Frequency Manager (PAPI)
CVE-2024-33517 7.5 - High - May 01, 2024

Unauthenticated DoS in Radio Frequency Manager via PAPI
CVE-2024-33518 - May 01, 2024

ArubaOS CLI Command Injection enables Privileged OS Cmd Exec
CVE-2024-1356 - March 05, 2024

ArubaOS IKE_AUTH config leads to partial info disclosure
CVE-2024-25616 3.7 - Low - March 05, 2024

Unauthenticated DoS via Spectrum PAPI in ArubaOS 8.x
CVE-2024-25615 - March 05, 2024

ArubaOS CLI Arbitrary File Delete (CVE-2024-25614)
CVE-2024-25614 9.1 - Critical - March 05, 2024

ArubaOS CLI Authenticated CMD Injection Enables Privileged OS Exec
CVE-2024-25613 - March 05, 2024

CVE-2024-25612 ArubaOS CLI Authenticated Cmd Injection Privileged Exec
CVE-2024-25612 - March 05, 2024

ArubaOS CLI Auth Cmd Injection Privileged OS Exec
CVE-2024-25611 - March 05, 2024

Authenticated Persistent Privileged Code Execution Across Reboot
CVE-2023-45626 7.2 - High - November 14, 2023

Auth CLI Cmd Injection Privileged OS Exec
CVE-2023-45625 7.2 - High - November 14, 2023

CVE-2023-45615: Unauth RCE via PAPI UDP 8211 on Aruba APs
CVE-2023-45615 9.8 - Critical - November 14, 2023

Aruba PAPI CLI Buffer Overflow Unauth RCE (CVE-2023-45614)
CVE-2023-45614 9.8 - Critical - November 14, 2023

Aruba AP RSSI Service via PAPI Enables Arbitrary File Deletion
CVE-2023-45619 8.2 - High - November 14, 2023

Aruba AirWave PAPI Client: Arbitrary File Delete via PAPI
CVE-2023-45618 8.2 - High - November 14, 2023

Aruba AP CLI service permits arbitrary file deletion via PAPI
CVE-2023-45617 8.2 - High - November 14, 2023

Unauthenticated DoS in Soft AP Daemon via PAPI Protocol
CVE-2023-45624 7.5 - High - November 14, 2023

Authenticated CLI DoS in WiFi Access Point
CVE-2023-45627 6.5 - Medium - November 14, 2023

Unauthenticated DoS via PAPI CLI on Cisco Access Points
CVE-2023-45620 7.5 - High - November 14, 2023

Unauthenticated CLI DoS via PAPI on Access Point
CVE-2023-45621 7.5 - High - November 14, 2023

Unauthenticated DoS via Wi-Fi Uplink PAPI on Cisco Wireless Controller
CVE-2023-45623 7.5 - High - November 14, 2023

Buffer Overflow in Aruba AirWave Client allows UAC RCE via PAPI UDP
CVE-2023-45616 9.8 - Critical - November 14, 2023

Aruba Networks
Vendor

Aruba Networks Arubaos
Product