Filtered by vendor Arubanetworks
Subscriptions
Filtered by product 9004
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23601 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-03-09 | 5.4 Medium |
| A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation. | ||||
| CVE-2026-23808 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-03-09 | 5.4 Medium |
| A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality. | ||||
| CVE-2026-23809 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-03-09 | 5.4 Medium |
| A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service. | ||||
| CVE-2026-23810 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-03-09 | 4.3 Medium |
| A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries. | ||||
| CVE-2026-23811 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-03-09 | 4.3 Medium |
| A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack. | ||||
| CVE-2026-23812 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-03-09 | 4.3 Medium |
| A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position. | ||||
| CVE-2023-22762 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-12 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22767 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22766 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22765 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22764 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22763 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22776 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 4.9 Medium |
| An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | ||||
| CVE-2023-22774 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | ||||
| CVE-2023-22773 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | ||||
| CVE-2023-22768 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22769 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22770 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22771 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 6.8 Medium |
| An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account | ||||
| CVE-2023-38486 | 1 Arubanetworks | 5 9004, 9004-lte, 9012 and 2 more | 2024-11-21 | 7.7 High |
| A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. | ||||