Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25146

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-30 Mar, 2021 | 00:09
Updated At-03 Aug, 2024 | 19:56
Rejected At-
Credits

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:30 Mar, 2021 | 00:09
Updated At:03 Aug, 2024 | 19:56
Rejected At:
▼CVE Numbering Authority (CNA)

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Affected Products
Vendor
n/a
Product
Aruba Instant Access Points
Versions
Affected
  • Aruba Instant 6.5.x: 6.5.4.17 and below
  • Aruba Instant 8.3.x: 8.3.0.13 and below
  • Aruba Instant 8.5.x: 8.5.0.10 and below
  • Aruba Instant 8.6.x: 8.6.0.5 and below
  • Aruba Instant 8.7.x: 8.7.0.0 and below
Problem Types
TypeCWE IDDescription
textN/Aremote execution of arbitrary commands
Type: text
CWE ID: N/A
Description: remote execution of arbitrary commands
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
x_refsource_CONFIRM
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
Resource:
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
x_refsource_MISC
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:30 Mar, 2021 | 01:15
Updated At:28 Jun, 2022 | 14:11

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Aruba Networks
arubanetworks
>>instant>>Versions from 6.5.0.0(inclusive) to 6.5.4.18(exclusive)
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>instant>>Versions from 8.3.0.0(inclusive) to 8.3.0.14(exclusive)
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>instant>>Versions from 8.5.0.0(inclusive) to 8.5.0.11(exclusive)
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>instant>>Versions from 8.6.0.0(inclusive) to 8.6.0.6(exclusive)
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>instant>>Versions from 8.7.0.0(inclusive) to 8.7.1.0(exclusive)
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_w1750d_firmware>>Versions from 8.7.0(inclusive) to 8.7.1.3(exclusive)
cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_w1750d>>-
cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdfsecurity-alert@hpe.com
Patch
Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txtsecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Source: security-alert@hpe.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1200Records found
CVE-2024-27944
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.41% / 84.47%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-27494
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.4||CRITICAL
EPSS-0.18% / 39.38%
||
7 Day CHG+0.05%
Published-11 Mar, 2025 | 09:48
Updated-22 Aug, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-sipass_integrated_ac5102_\(acc-g2\)_firmwaresipass_integrated_acc-ap_firmwaresipass_integrated_acc-apsipass_integrated_ac5102_\(acc-g2\)SiPass integrated ACC-APSiPass integrated AC5102 (ACC-G2)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27945
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.41% / 84.47%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-33732
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-1.25% / 78.50%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-26295
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.28% / 51.30%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 21:56
Updated-27 Mar, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Managerclearpass_policy_manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-33736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-1.06% / 76.80%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33734
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33733
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33731
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33730
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-26298
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 22:04
Updated-27 Mar, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Managerclearpass_policy_manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-26963
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.63% / 87.36%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 16:08
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwaveAruba AirWave Management Platform
CVE-2021-25152
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.98% / 75.85%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 19:18
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwaveAruba AirWave Management Platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-23337
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-7.2||HIGH
EPSS-0.55% / 66.99%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 12:15
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Action-Not Available
Vendor-lodashn/aNetApp, Inc.Oracle CorporationSiemens AG
Product-peoplesoft_enterprise_peopletoolsprimavera_unifiersinec_insfinancial_services_crime_and_compliance_management_studioprimavera_gatewaylodashactive_iq_unified_managerhealth_sciences_data_management_workbenchcommunications_cloud_native_core_policysystem_managercloud_managerbanking_trade_finance_process_managementbanking_supply_chain_financecommunications_design_studiobanking_credit_facilities_process_managementcommunications_cloud_native_core_binding_support_functionbanking_corporate_lending_process_managementbanking_extensibility_workbenchcommunications_session_border_controllercommunications_services_gatekeeperenterprise_communications_brokerjd_edwards_enterpriseone_toolsretail_customer_management_and_segmentation_foundationLodash
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-37879
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.63%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 19:57
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-10940
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.9||CRITICAL
EPSS-0.18% / 39.86%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 15:35
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinema_serverSINEMA Server
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-10916
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.25%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 19:54
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_winccsimatic_pcs_7simatic_wincc_runtime_professionalsimatic_wincc_\(tia_portal\)SIMATIC WinCC Runtime Professional V13SIMATIC WinCC (TIA Portal) V14SIMATIC WinCC (TIA Portal) V13SIMATIC WinCC Runtime Professional V14SIMATIC PCS 7 V8.2SIMATIC WinCC V7.3SIMATIC PCS 7 V9.0SIMATIC WinCC (TIA Portal) V15SIMATIC PCS 7 V8.1SIMATIC WinCC Runtime Professional V15SIMATIC WinCC V7.4SIMATIC WinCC V7.5SIMATIC PCS 7 V8.0 and earlierSIMATIC WinCC V7.2 and earlier
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50572
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.51% / 65.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:50
Updated-11 Feb, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Action-Not Available
Vendor-Siemens AG
Product-scalance_mum856-1_\(cn\)_firmwarescalance_mum853-1_\(b1\)scalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)scalance_m874-3ruggedcom_rm1224_lte\(4g\)_euscalance_m876-3_\(rok\)_firmwarescalance_m816-1_\(annex_a\)_firmwarescalance_m876-4_\(eu\)scalance_mum856-1_\(a1\)_firmwarescalance_mum856-1_\(eu\)scalance_m874-2_firmwarescalance_m876-4_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m876-4_\(eu\)_firmwarescalance_m874-3_\(cn\)scalance_mum856-1_\(b1\)scalance_mum856-1_\(row\)scalance_m812-1_\(annex_b\)scalance_m874-2scalance_mum853-1_\(eu\)_firmwarescalance_m812-1_\(annex_a\)scalance_m816-1_\(annex_a\)scalance_mum856-1_\(b1\)_firmwarescalance_s615_eec_firmwarescalance_m804pbscalance_m826-2scalance_mum853-1_\(a1\)_firmwarescalance_m874-3_\(cn\)_firmwarescalance_m876-4_\(nam\)scalance_mum853-1_\(a1\)scalance_m876-4scalance_s615ruggedcom_rm1224_lte\(4g\)_namscalance_m804pb_firmwarescalance_m874-3_firmwareruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_m876-3_firmwarescalance_s615_firmwarescalance_mum856-1_\(eu\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m826-2_firmwarescalance_m876-3_\(rok\)scalance_m876-4_\(nam\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(a1\)scalance_mum856-1_\(cn\)scalance_mum853-1_\(eu\)scalance_s615_eecruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_m876-3scalance_m812-1_\(annex_a\)_firmwareSCALANCE S615 LAN-RouterSCALANCE WUM766-1 (USA)SCALANCE WAM766-1 (ME)SCALANCE MUM856-1 (CN)SCALANCE MUM853-1 (A1)SCALANCE M874-3 3G-Router (CN)SCALANCE M804PBSCALANCE M876-3 (ROK)SCALANCE MUM856-1 (EU)SCALANCE M826-2 SHDSL-RouterRUGGEDCOM RM1224 LTE(4G) EUSCALANCE M816-1 ADSL-RouterSCALANCE MUM853-1 (B1)SCALANCE M874-2SCALANCE M876-3SCALANCE WUB762-1 iFeaturesSCALANCE M876-4SCALANCE M876-4 (EU)SCALANCE WAM763-1SCALANCE WUM766-1SCALANCE WAM766-1 (US)RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M874-3SCALANCE WAM763-1 (ME)SCALANCE MUM856-1 (A1)SCALANCE WAM763-1 (US)SCALANCE WAB762-1SCALANCE S615 EEC LAN-RouterSCALANCE WAM766-1 EECSCALANCE MUM853-1 (EU)SCALANCE WAM766-1 EEC (US)SCALANCE WUM763-1 (US)SCALANCE WAM766-1SCALANCE WUM763-1SCALANCE WUB762-1SCALANCE MUM856-1 (B1)SCALANCE MUM856-1 (RoW)SCALANCE WUM766-1 (ME)SCALANCE M812-1 ADSL-RouterSCALANCE WAM766-1 EEC (ME)SCALANCE M876-4 (NAM)scalance_mum856-1_\(cn\)_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_s615_eec_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_mum856-1_\(row\)_firmwarescalance_mum856-1_\(a1\)_firmwarescalance_m874-3_firmwarescalance_m804pb_firmwareruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_s615_firmwarescalance_m876-3_firmwarescalance_mum856-1_\(eu\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m876-4_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum853-1_\(eu\)_firmware
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-47462
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.54% / 66.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 22:57
Updated-09 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10arubaosinstant
CVE-2024-47461
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.68% / 70.73%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 22:54
Updated-09 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10arubaosinstant
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-47463
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.54% / 66.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 22:59
Updated-09 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10arubaosinstant
CVE-2024-42501
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.83% / 73.55%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 17:13
Updated-20 Sep, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-Aruba OSarubaos
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-41976
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.75% / 72.23%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 07:54
Updated-23 Aug, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_mum856-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_m874-2_firmwarescalance_m874-3scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_mum856-1_\(b1\)scalance_m812-1_\(annex_a\)scalance_m812-1_\(annex_b\)scalance_m876-4_\(nam\)scalance_m804pb_firmwarescalance_s615_lan-routerscalance_m874-3_firmwarescalance_m876-3_firmwarescalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)scalance_s615_eec_lan-routerscalance_s615_lan-router_firmwareruggedcom_rm1224_lte\(4g\)_namscalance_m876-3_\(rok\)_firmwarescalance_m874-3_3g-router_\(cn\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(cn\)scalance_mum856-1_\(a1\)_firmwarescalance_mum856-1_\(a1\)scalance_mum856-1_\(row\)scalance_m876-3_\(rok\)scalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwarescalance_m876-3scalance_m876-4_\(eu\)_firmwarescalance_m816-1_\(annex_b\)scalance_m876-4scalance_m876-4_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_s615_eec_lan-router_firmwarescalance_m812-1_\(annex_a\)_firmwarescalance_m874-2scalance_mum856-1_\(row\)_firmwarescalance_m876-4_\(nam\)_firmwarescalance_m804pbscalance_m874-3_3g-router_\(cn\)scalance_m816-1_\(annex_b\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m816-1_\(annex_a\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_m826-2_shdsl-router_firmwarescalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_m816-1_\(annex_a\)scalance_m826-2_shdsl-routerSCALANCE M874-3 3G-Router (CN)SCALANCE M874-3SCALANCE M816-1 ADSL-Router familySCALANCE MUM856-1 (B1)SCALANCE M876-3 (ROK)SCALANCE MUM856-1 (A1)SCALANCE M804PBSCALANCE MUM856-1 (EU)SCALANCE MUM853-1 (B1)SCALANCE MUM853-1 (EU)SCALANCE S615 EEC LAN-RouterSCALANCE M874-2SCALANCE M876-4RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M876-3SCALANCE M826-2 SHDSL-RouterSCALANCE MUM856-1 (CN)SCALANCE MUM856-1 (RoW)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE M812-1 ADSL-Router familySCALANCE M876-4 (EU)SCALANCE MUM853-1 (A1)SCALANCE M876-4 (NAM)SCALANCE S615 LAN-Routerscalance_m812-1_adsl-routerscalance_mum856-1_\(eu\)scalance_m876-3scalance_m816-1_adsl-routerscalance_m876-4scalance_m874-3scalance_mum856-1_\(b1\)scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_m876-4_\(nam\)scalance_s615_lan-routerscalance_m874-2scalance_m804pbscalance_m874-3_3g-router_\(cn\)scalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)scalance_s615_eec_lan-routerscalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_namscalance_mum856-1_\(cn\)scalance_mum856-1_\(row\)scalance_mum856-1_\(a1\)scalance_m826-2_shdsl-routerscalance_m876-3_\(rok\)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-41135
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.46%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 20:03
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking EdgeConnect SD-WANedgeconnect_sd-wan_orchestrator
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-41133
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.46%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 20:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking EdgeConnect SD-WANedgeconnect_sd-wan_orchestrator
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-41915
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.23% / 45.36%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 17:07
Updated-07 Apr, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerClearPass Policy Manager (CPPM)clearpass_policy_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-41134
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.46%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 20:02
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking EdgeConnect SD-WANedgeconnect_sd-wan_orchestrator
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-38878
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 61.09%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 10:36
Updated-17 Sep, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

Action-Not Available
Vendor-Siemens AG
Product-omnivise_t3000_application_serverOmnivise T3000 Application Server R9.2Omnivise T3000 R8.2 SP3Omnivise T3000 R8.2 SP4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-8368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-25 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwaven/a
CVE-2014-6628
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-28 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managern/a
CVE-2024-33519
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.56% / 67.39%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 19:57
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Server-Side prototype pollution Leading to Information Disclosure

A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking EdgeConnect SD-WANedgeconnect_sd-wan_orchestrator
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2015-4649
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.91% / 74.82%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3654
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.91% / 74.82%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-6627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.89% / 74.59%
||
7 Day CHG~0.00%
Published-19 Nov, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-1550
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.76% / 72.31%
||
7 Day CHG~0.00%
Published-28 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27943
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.25% / 83.91%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-26296
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.28% / 51.30%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 21:57
Updated-27 Mar, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Managerclearpass_policy_manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-26297
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.28% / 51.30%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 22:03
Updated-27 Mar, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Managerclearpass_policy_manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-26294
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 21:54
Updated-27 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Managerclearpass_policy_manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-25613
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 20:17
Updated-01 Aug, 2024 | 23:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-ArubaOS Wi-Fi Controllers and Campus/Remote Access Pointsarubaossd-wan
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-25611
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 20:16
Updated-01 Aug, 2024 | 23:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-ArubaOS Wi-Fi Controllers and Campus/Remote Access Pointsarubaossd-wan
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-25612
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 20:16
Updated-01 Aug, 2024 | 23:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-ArubaOS Wi-Fi Controllers and Campus/Remote Access Pointsarubaossd-wan
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-22443
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.94% / 75.34%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 15:08
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-edgeconnect_sd-wan_orchestratorHPE Aruba Networking EdgeConnect SD-WAN Orchestratoredgeconnect_sd-wan_orchestrator
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-37923
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.50% / 64.96%
||
7 Day CHG+0.10%
Published-30 Nov, 2022 | 19:16
Updated-24 Apr, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-edgeconnect_enterpriseAruba EdgeConnect Enterprise Software
CVE-2024-41903
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 07:54
Updated-14 Aug, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption.

Action-Not Available
Vendor-Siemens AG
Product-sinec_traffic_analyzerSINEC Traffic Analyzersinec_traffic_analyzer
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-39569
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.83% / 85.65%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 12:05
Updated-27 Aug, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_clientSINEMA Remote Connect Clientsinema_remote_connect_client
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-37883
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.63%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 19:51
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-37881
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.63%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 19:54
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-37922
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.50% / 64.96%
||
7 Day CHG+0.10%
Published-30 Nov, 2022 | 19:15
Updated-24 Apr, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-edgeconnect_enterpriseAruba EdgeConnect Enterprise Software
CVE-2022-37903
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.28% / 50.93%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:11
Updated-02 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-700872207240xm721070057205arubaos7280702470107030sd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 23
  • 24
  • Next
Details not found